Not receiving any IPs / decisions from central API

I believe I have set up my security engine with a central LAPI correctly and connected it to a firewall bouncer.
However, the engine does not seem to be receiving updates from the Central API (console), which I assume would be blocklist decisions.

The engine logs a FORBIDDEN message, and I am unsure whether that is expected.

Mar 01 09:15:26 ch1 systemd[1]: Started CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network..
Mar 01 09:15:27 ch1 crowdsec[365156]: time="2024-03-01T09:15:27Z" level=warning msg="crowdsec agent is disabled"
Mar 01 09:15:27 ch1 crowdsec[365156]: time="2024-03-01T09:15:27Z" level=info msg="Enabled feature flags: <none>"
Mar 01 09:15:27 ch1 crowdsec[365156]: time="2024-03-01T09:15:27Z" level=info msg="Crowdsec v1.6.0-"
Mar 01 09:15:27 ch1 crowdsec[365156]: time="2024-03-01T09:15:27Z" level=info msg="Loading CAPI manager"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="CAPI manager configured successfully"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="Machine is enrolled in the console, Loading PAPI Client"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="Start push to CrowdSec Central API (interval: 5s once, then 10s)"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="Starting PAPI decision receiver"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=warning msg="scenario list is empty, will not pull yet"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="Starting Polling API Pull" interval=10 source=papi
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="CrowdSec Local API listening on 127.0.0.1:9674"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="Start sending metrics to CrowdSec Central API (interval: 19m59s once, then 30m0s)"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="Starting PAPI pull (since:0001-01-01 00:00:00 +0000 UTC)" interval=10 source=papi
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="starting polling client" component=longpollclient url="https://papi.api.crowdsec.net/v1/decisions/stream/poll"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="Start decisions sync to CrowdSec Central API (interval: 10s)" interval=10 source=papi
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="capi metrics: sending"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=error msg="unexpected status code: 402" component=longpollclient url="https://papi.api.crowdsec.net/v1/decisions/stream/poll"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=error msg="{\"error\":\"Forbidden for plan 'COMMUNITY'\",\"timestamp\":0}" component=longpollclient method=poll request-id="Root=1-65e19cb0-637989b1332d9179022747e7" url="https://papi.api.crowdsec.net/v1/decisions/stream/poll"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=error msg="failed to poll: user is not authorized to use PAPI" component=longpollclient url="https://papi.api.crowdsec.net/v1/decisions/stream/poll"

Maybe related: I have two scenarios installed, but they are not showing up on the console website.

cscli scenarios list

SCENARIOS
────────────────────────────────────────────────────────────────────────────────────────────
 Name                        📦 Status   Version   Local Path                               
────────────────────────────────────────────────────────────────────────────────────────────
 crowdsecurity/ssh-bf        ✔️ enabled   0.3       /etc/crowdsec/scenarios/ssh-bf.yaml      
 crowdsecurity/ssh-slow-bf   ✔️ enabled   0.4       /etc/crowdsec/scenarios/ssh-slow-bf.yaml 
────────────────────────────────────────────────────────────────────────────────────────────


cscli console status
╭────────────────────┬───────────┬──────────────────────────────────────────────────────╮
│ Option Name        │ Activated │ Description                                          │
├────────────────────┼───────────┼──────────────────────────────────────────────────────┤
│ custom             │ ✅        │ Forward alerts from custom scenarios to the console  │
│ manual             │ ✅        │ Forward manual decisions to the console              │
│ tainted            │ ✅        │ Forward alerts from tainted scenarios to the console │
│ context            │ ❌        │ Forward context with alerts to the console           │
│ console_management │ ✅        │ Receive decisions from console                       │
╰────────────────────┴───────────┴──────────────────────────────────────────────────────╯

I feel like something is not right with my connection to the console API.
I’d appreciate any advice :slight_smile:

If you run cscli metrics do you see decisions with origin as CAPI? The error message you are getting is fine, as the papi client is only for enterprise customers but it will attempt to make the first reach out.

I'm guessing you are using a custom-built binary, as the version print statement does not look like our normal one.

Also after the enrollment did you follow the prompt to Restart the crowdsec service after you have accepted?

Looks like the problem solved itself after I connected my local datasource.
My (apparently false) assumption was that those two things would work independently.

Is this because users of the community plan “must” share?

To get access to the community blocklist, you don't have to share. However, if you do not, you will only get a small portion of the list, so it is fairer to those who do share.

These limits do NOT apply to third-party lists, which you will always get.
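
The triage described in the replies, as an added example that is not part of the thread or CrowdSec's own code: it parses the `key=value` journal lines quoted in the first post and separates the PAPI plan error, which the reply says is fine on the community plan, from the warnings that describe the engine's own state. The label names and function names are this example's own.

```python
import re

# Constructed sample: lines taken from the journal output quoted in the thread
# (request-id field dropped). Labels below are this example's own names.
SAMPLE = r'''
Mar 01 09:15:27 ch1 crowdsec[365156]: time="2024-03-01T09:15:27Z" level=warning msg="crowdsec agent is disabled"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=info msg="CAPI manager configured successfully"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=warning msg="scenario list is empty, will not pull yet"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=error msg="unexpected status code: 402" component=longpollclient url="https://papi.api.crowdsec.net/v1/decisions/stream/poll"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=error msg="{\"error\":\"Forbidden for plan 'COMMUNITY'\",\"timestamp\":0}" component=longpollclient method=poll url="https://papi.api.crowdsec.net/v1/decisions/stream/poll"
Mar 01 09:15:28 ch1 crowdsec[365156]: time="2024-03-01T09:15:28Z" level=error msg="failed to poll: user is not authorized to use PAPI" component=longpollclient url="https://papi.api.crowdsec.net/v1/decisions/stream/poll"
'''

# key=value or key="value with \" escapes", as in the quoted log
FIELD = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S+)')
PAPI_PLAN_HINTS = ("status code: 402", "Forbidden for plan", "not authorized to use PAPI")

def parse_line(line):
    """Return the key=value fields of one journal line as a dict."""
    fields = {}
    for key, raw in FIELD.findall(line):
        if raw.startswith('"'):
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])  # strip quotes, unescape
        fields[key] = raw
    return fields

def classify(fields):
    msg, level = fields.get("msg", ""), fields.get("level", "")
    from_papi = "papi.api.crowdsec.net" in fields.get("url", "")
    if from_papi and any(h in msg for h in PAPI_PLAN_HINTS):
        return "papi-not-in-plan"    # per the reply: fine on the community plan
    if "scenario list is empty" in msg:
        return "capi-pull-deferred"  # engine states it will not pull yet
    if "agent is disabled" in msg:
        return "no-local-agent"
    if level in ("error", "fatal"):
        return "investigate"
    return "ok"

def triage(text):
    """Return (label, msg) for every line that carries a msg field."""
    parsed = (parse_line(l) for l in text.strip().splitlines())
    return [(classify(f), f["msg"]) for f in parsed if "msg" in f]

if __name__ == "__main__":
    for label, msg in triage(SAMPLE):
        print(f"{label:20} {msg}")
```

Any other `level=error` line, including a PAPI error that does not match the plan hints, falls through to `investigate`.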