Skip to main content

Device Offline in Cloud but POS Working

Control Plane Tunnel Failure – Device Offline in Cloud but POS Working

R
Written by Rohit Yadav

1. Purpose

This document provides a detailed troubleshooting procedure for cases where a Pronto edge device appears Offline in the cloud dashboard, but the on-site network and POS transactions continue functioning normally.

This scenario indicates a control-plane failure while the data-plane remains operational.

2. Scope

Applies to:

  • Pronto LTE routers

  • Cloud-managed deployments

  • Restaurant / café / bar networks

  • NOC dashboard monitoring discrepancies

Does NOT apply to full WAN outage cases.

3. Background – Architecture Overview

Pronto routers operate with:

  • Data Plane → Routes client traffic (POS, LAN, Wi-Fi)

  • Control Plane → Maintains secure TLS tunnel to cloud for:

  • Monitoring

  • Telemetry

  • Configuration sync

  • Heartbeat updates

A failure in the control plane does NOT always impact traffic routing.

Common causes in LTE deployments:

  • CGNAT session timeout

  • Carrier IP rotation

  • NTP Sync failure

  • NTP communication blocked

4. Problem Description

Observed in Dashboard: Pronto devices shows offline while endpoints are working and communicating to public services.

  • Device shows Offline

  • Health score unavailable

  • No telemetry updates

Reported by Site:

  • POS processing normally

  • Internet working

  • No user complaints

5. Business Impact

  • NOC visibility lost

  • Configuration changes cannot be pushed

  • Alerts suppressed

  • False outage escalation

Severity Level:
Medium (High if prolonged > 30 minutes)

6. Common Root Causes

  1. Management TLS tunnel handshake failure

  2. Outbound port or pronto public IPs blocked by upstream firewall

  3. DNS resolution failure for cloud endpoint, If ISP allocated private DNS failed

  4. Router time (NTP not Sync) drift breaking TLS validation

  5. Pronto HB to other Tenant or Portal

  6. Endpoints are passing traffic via other layer 3 devices

7. Detailed Troubleshooting Procedure

Step 1 – Validate Data Plane

From back-office PC execute below command to config reachability.

  • ping 8.8.8.8

  • Traceroute 8.8.8.8

Confirm internet is working and traffic is passing through pronto gateway (Router)

  • Run test payment transaction if possible.

If POS fails → This is NOT control-plane-only.

Step 2 – Validate Router Internet Reachability

From router (if CLI available):

  • Test DNS resolution of cloud endpoint.

  • Test DNS resolution for HB URL from endpoints as well.

  • If DNS fails → investigate DNS separately.

Step 3 – Check Public IP Stability

From router status page:

  • Check LTE uplink status, if configured

  • Check Wired Uplink status, (Active/Down), in PCC portal

  • Compare with previous IP (if logs available)

If IP changed recently:
Likely a CGNAT session reset. If the uplink IP subnet changes but the router’s line protocol does not go down, Pronto will automatically renegotiate DHCP to obtain a new uplink IP after waiting 10–15 minutes.

Step 4 – Verify NTP Synchronization

Check NTP communication, If blocked

  • TLS validation may fail

  • Tunnel cannot re-establish

  • HB communication will fail, events sync will be stopped.

Note: Check for auto-NTP fallback to default public NTP or PCC HTTP NTP in case UDP Port 123 is blocked

Restart NTP sync - Update any public NTP in PCC dashboard, and reload the pronto device

Step 5 – Restart/Reset Pronto Device, after setting manual

  • Configure NTP via PCC portal

  • Restart or Reset the Pronto to synchronize with PCC portal

  • If reset/Restart does not solve the issue, probably NTP port is blocked, wait for Router to fall back on Pronto HTTP NTP server (usually takes up to 15 Minutes)

  • Avoid full reboot/reset unless necessary, it would disturb the communication

8. Resolution Scenarios

Scenario A – NTP Drift

  • Correct time →

  • By setting the correct NTP via configuration and reboot

  • After Reboot wait for auto NTP fallback (take 15 to 20 mins)

Scenario B – Firewall Blocking NTP Port or HB traffic

Check if is there any firewall on ISP Router or in transit blocking HB communication between Pronto devices and cloud controller

  • Use below command on windows machine to check NTP communication (client must be behind the Pronto)

# w32tm /stripchart /computer:pool.ntp.org /dataonly /samples:5

Scenario C – Device HB in different Tenant or Portal

After following all above steps, if Pronto device does not recover than contact Pronto Support.

9. Validation After Resolution

Confirm:

  • Device shows Online in dashboard

  • Telemetry updates resume

  • No further state flapping

  • Public IP stable

10. Preventive Measures

  • Reduce management idle timeout (if configurable)

  • Ensure NTP redundancy

  • Monitor frequent LTE IP rotation

  • Document required outbound cloud ports

Did this answer your question?