The Nexus IQ Server requires HTTP access to Sonatype hosted services in order to function.
Firewall administrators must ensure the following URL is accessible to the Nexus IQ Server:
The Nexus IQ Server also sends HTML based notification emails to your users. These emails contain links to static resources loaded from:
Therefore email clients which load notification messages should have access to the cdn sub-domain to ensure proper HTML formatted rendering.
If you're still having issues accessing these URLs after the steps above, you can take a closer look at the error message itself.
The message, for example, may be of the following form:
YYYY-MM-DD HH:MM:SS,mmm+0000 ERROR [dw-73 - GET /rest/product/notifications?timestamp=...] admin com.sonatype.insight.brain.hds.DefaultHdsClient - Connect to clm.sonatype.com:443 [clm.sonatype.com/184.108.40.206] failed: connect timed out
org.apache.http.conn.ConnectTimeoutException: Connect to clm.sonatype.com:443 [clm.sonatype.com/220.127.116.11] failed: connect timed out
Does clm.sonatype.com actually resolve to 18.104.22.168 on public DNS servers (e.g. via https://dnschecker.org/#A/clm.sonatype.com)? It could be that the IP that is listed in the log event was valid at one point, but is no longer so. The Cloudfront nodes fronting clm.sonatype.com are recycled regularly by AWS, so the IPs mapped to clm.sonatype.com will rotate as a result. You can check to see if your internal DNS server hasn't caught up and is serving a stale record.