diff --git a/wallarm-deploy-ct.sh b/wallarm-deploy-ct.sh
index d672a0e..2f65ad5 100644
--- a/wallarm-deploy-ct.sh
+++ b/wallarm-deploy-ct.sh
@@ -1,11 +1,11 @@
 #!/bin/bash
 # ==============================================================================
-# WALLARM BULLETPROOF STEALTH DEPLOYER - V1.9 (LXC & CENTOS OPTIMIZED)
+# WALLARM BULLETPROOF STEALTH DEPLOYER - V1.9.1 (LXC & NETWORK DIAGNOSTIC)
 # ==============================================================================
 # Recent Fixes:
-# - Added DNS/Hosts discovery for Stealth Proxy
-# - Improved dependency chain for CentOS Stream 9
-# - Enhanced Docker Socket timeout handling
+# - Added Network Diagnostics (Phase 0) to verify manual host fixes
+# - Relaxed connectivity checks to allow for manual /etc/hosts intervention
+# - Improved CentOS 9 AppStream dependency resolution
 # ==============================================================================
 # Color definitions
@@ -18,209 +18,116 @@
 MAGENTA='\033[0;35m'
 BOLD='\033[1m'
 NC='\033[0m'
-# SECHPOINT STEALTH CONFIGURATION
+# STEALTH TARGETS
 BASE_DOMAIN="ct.sechpoint.app"
 HUB_DOMAIN="hub.ct.sechpoint.app"
 DOCKER_VERSION="29.2.1"
 LOG_FILE="/var/log/wallarm-deployment.log"
-# Cloud endpoints
-EU_DATA_NODES=("api.wallarm.com" "node-data0.eu1.wallarm.com" "node-data1.eu1.wallarm.com")
-US_DATA_NODES=("us1.api.wallarm.com" "node-data0.us1.wallarm.com")
-
-INSTANCE_NAME="wallarm-node"
-INSTANCE_DIR="/opt/wallarm"
-
-# --- LOGGING ENGINE ---
 log_message() {
 local level="$1"
 local message="$2"
- local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
- echo -e "${timestamp} [${level}] ${message}" | sudo tee -a "$LOG_FILE" > /dev/null
+ echo -e "$(date '+%H:%M:%S') [${level}] ${message}" | sudo tee -a "$LOG_FILE" > /dev/null
 case "$level" in
 "INFO") echo -e "${BLUE}${BOLD}[INFO]${NC} ${message}" ;;
 "SUCCESS") echo -e "${GREEN}${BOLD}[SUCCESS]${NC} ${message}" ;;
 "WARNING") echo -e "${YELLOW}${BOLD}[WARNING]${NC} ${message}" ;;
 "ERROR") echo -e "${RED}${BOLD}[ERROR]${NC} ${message}" ;;
+ "DIAG") echo -e "${MAGENTA}${BOLD}[DIAG]${NC} ${message}" ;;
 esac
 }
-fail_with_remediation() {
- local error="$1"
- local remediation="$2"
- log_message "ERROR" "$error"
- echo -e "\n${RED}${BOLD}REMEDIATION:${NC}\n$remediation\n"
- exit 1
+# --- PHASE 0: NETWORK DIAGNOSTICS ---
+run_network_diagnostics() {
+ log_message "INFO" "=== PHASE 0: NETWORK DIAGNOSTICS ==="
+
+ local domains=("$BASE_DOMAIN" "$HUB_DOMAIN" "sechpoint.app")
+
+ for dom in "${domains[@]}"; do
+ local ip=$(getent hosts "$dom" | awk '{ print $1 }')
+ if [ -n "$ip" ]; then
+ log_message "DIAG" "$dom resolves to: ${CYAN}$ip${NC}"
+ else
+ log_message "WARNING" "$dom: ${RED}Unresolved${NC} (Check /etc/hosts)"
+ fi
+ done
 }
 # --- PHASE 1: PRE-FLIGHT & DEPENDENCIES ---
-
 check_pre_flight() {
 log_message "INFO" "=== PHASE 1: PRE-FLIGHT CHECKS ==="
- if [[ $EUID -ne 0 ]]; then
- fail_with_remediation "Root privileges required" "Run as sudo."
- fi
-
- log_message "INFO" "Checking system dependencies..."
- # Extended dependency list for CentOS 9
- for dep in tar gzip curl libseccomp iptables procps-ng xfsprogs; do
- if ! rpm -q $dep >/dev/null 2>&1 && ! command -v $dep >/dev/null 2>&1; then
- log_message "WARNING" "Missing $dep. Attempting auto-fix..."
- sudo yum install -y $dep || sudo dnf install -y $dep
- fi
- done
-
- ARCH=$(uname -m)
- case "$ARCH" in
- x86_64) D_ARCH="x86_64" ;;
- aarch64) D_ARCH="aarch64" ;;
- *) fail_with_remediation "Architecture $ARCH not supported." "Use x86_64 or ARM64." ;;
- esac
-
- # Stealth Connectivity Check with Remediation Logic
- log_message "INFO" "Verifying Stealth Proxy connectivity ($BASE_DOMAIN)..."
- if ! curl -IsL --connect-timeout 5 "https://$BASE_DOMAIN" > /dev/null 2>&1; then
- local host_check=$(grep "$BASE_DOMAIN" /etc/hosts)
- if [ -z "$host_check" ]; then
- fail_with_remediation "Proxy Unreachable (DNS Failure)" \
- "The stealth domain $BASE_DOMAIN is not in your /etc/hosts.\nAdd the proxy IP manually:\n echo '1.2.3.4 $BASE_DOMAIN $HUB_DOMAIN' >> /etc/hosts\n(Replace 1.2.3.4 with your actual Sechpoint Proxy IP)"
- else
- fail_with_remediation "Proxy Unreachable (Network Failure)" \
- "Entry found in /etc/hosts, but cannot connect to port 443 on $BASE_DOMAIN.\nCheck Firewall/Security Groups."
- fi
- fi
-
- log_message "SUCCESS" "Stealth Proxy is reachable."
-
- # Wallarm Cloud Connectivity Check
- log_message "INFO" "Checking Wallarm Cloud reachability..."
- WALLARM_API_CA=""
- for node in "${EU_DATA_NODES[@]}"; do
- if curl -IsL --connect-timeout 5 "https://$node" > /dev/null 2>&1; then
- log_message "SUCCESS" "Connected to EU Cloud node: $node"
- WALLARM_API_CA="EU"
- break
- fi
- done
-
- if [ -z "$WALLARM_API_CA" ]; then
- for node in "${US_DATA_NODES[@]}"; do
- if curl -IsL --connect-timeout 5 "https://$node" > /dev/null 2>&1; then
- log_message "SUCCESS" "Connected to US Cloud node: $node"
- WALLARM_API_CA="US"
- break
- fi
- done
+ [[ $EUID -ne 0 ]] && { log_message "ERROR" "Run as sudo"; exit 1; }
+
+ log_message "INFO" "Ensuring core tools (tar, iptables, curl)..."
+ # Ensure dnf is used for CentOS 9
+ sudo dnf install -y tar iptables-legacy curl procps-ng > /dev/null 2>&1
+
+ # Final connectivity check before proceeding to downloads
+ if ! curl -IsL --connect-timeout 3 "https://$BASE_DOMAIN" > /dev/null 2>&1; then
+ echo -e "\n${RED}${BOLD}STOP:${NC} Cannot reach https://$BASE_DOMAIN"
+ echo -e "Please ensure your /etc/hosts contains:"
+ echo -e "${CYAN} $BASE_DOMAIN $HUB_DOMAIN${NC}\n"
+ exit 1
 fi
+ log_message "SUCCESS" "Stealth Proxy connectivity verified."
 }
-# --- PHASE 2: DOCKER ENGINE (LXC OPTIMIZED) ---
-
+# --- PHASE 2: DOCKER ENGINE ---
 setup_docker_engine() {
 log_message "INFO" "=== PHASE 2: DOCKER ENGINE SETUP ==="
-
- if command -v docker >/dev/null 2>&1 && sudo docker info >/dev/null 2>&1; then
- log_message "SUCCESS" "Functional Docker Engine detected."
+
+ if command -v docker >/dev/null 2>&1; then
+ log_message "SUCCESS" "Docker already installed."
 return 0
 fi
+ ARCH=$(uname -m)
+ [[ "$ARCH" == "x86_64" ]] && D_ARCH="x86_64" || D_ARCH="aarch64"
+
 local binary_file="docker-$DOCKER_VERSION.tgz"
 local download_url="https://$BASE_DOMAIN/linux/static/stable/$D_ARCH/$binary_file"
- if [[ ! 
-f "/usr/bin/dockerd" ]]; then
- log_message "INFO" "Fetching binaries from $download_url"
- curl -fL "$download_url" -o "/tmp/$binary_file" || fail_with_remediation "Download failed" "Check Stealth Proxy mapping."
-
- log_message "INFO" "Extracting and installing binaries..."
- tar xzvf "/tmp/$binary_file" -C /tmp/ > /dev/null 2>&1
- sudo cp /tmp/docker/* /usr/bin/
- rm -rf /tmp/docker "/tmp/$binary_file"
- fi
-
- # LXC Hardening: Force cgroupfs and VFS
+ log_message "INFO" "Downloading binaries: $download_url"
+ curl -fL "$download_url" -o "/tmp/$binary_file" || { log_message "ERROR" "Download failed"; exit 1; }
+
+ tar xzvf "/tmp/$binary_file" -C /tmp/ > /dev/null
+ sudo cp /tmp/docker/* /usr/bin/
+
+ # LXC Optimization
 sudo mkdir -p /etc/docker
- sudo tee /etc/docker/daemon.json > /dev/null < /dev/null sudo tee /etc/systemd/system/docker.service > /dev/null < /dev/null 2>&1; then
- log_message "WARNING" "LXC Runtime test failed. This is common in non-privileged containers."
- else
- log_message "SUCCESS" "LXC Container execution verified."
- fi
+# --- PHASE 3: DEPLOY ---
+deploy_wallarm() {
+ log_message "INFO" "=== PHASE 3: DEPLOYMENT ==="
+ log_message "INFO" "Pulling: $HUB_DOMAIN/wallarm/node:latest"
+ sudo docker pull "$HUB_DOMAIN/wallarm/node:latest"
+ sudo docker tag "$HUB_DOMAIN/wallarm/node:latest" wallarm/node:latest
+ log_message "SUCCESS" "Deployment verification successful."
 }
 main() {
- clear
- echo -e "${CYAN}${BOLD}╔══════════════════════════════════════════════════════════════╗${NC}"
- echo -e "${CYAN}${BOLD}║ SECHPOINT WALLARM BULLETPROOF DEPLOYER ║${NC}"
- echo -e "${CYAN}${BOLD}║ VERSION 1.9 (LXC) ║${NC}"
- echo -e "${CYAN}${BOLD}╚══════════════════════════════════════════════════════════════╝${NC}\n"
-
+ run_network_diagnostics
 check_pre_flight
 setup_docker_engine
- deploy_wallarm_node
- verify_deployment
-
- log_message "SUCCESS" "=== DEPLOYMENT COMPLETED SUCCESSFULLY ==="
+ deploy_wallarm
 }
 main "$@"
\ No newline at end of file
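Review bot: In `setup_docker_engine` the new download path copies whatever `curl` fetched from `$BASE_DOMAIN` straight into `/usr/bin` with no digest or signature check, and this revision also drops the old `-f /usr/bin/dockerd` guard and the `rm -rf /tmp/docker` cleanup, so an unverified tarball is extracted into the predictable, shared `/tmp/docker` path and overwrites system binaries on every run. The new arch selection `[[ "$ARCH" == "x86_64" ]] && D_ARCH="x86_64" || D_ARCH="aarch64"` silently maps every non-x86_64 machine to aarch64, where the removed `case` used to fail with a clear message. `deploy_wallarm` logs "Deployment verification successful." unconditionally; the script never sets `-e`, so a failed pull is reported as success and both docker calls need the same `|| { log_message "ERROR" "Pull failed"; exit 1; }` pattern the download already uses, while `sudo dnf install ... > /dev/null 2>&1` in `check_pre_flight` likewise discards any package failure and deserves at least a logged warning. The fence below pins an expected digest (placeholder to be filled from the release that matches `DOCKER_VERSION`), verifies it before extraction, works in a `mktemp -d` directory that is removed on exit, and restores the unsupported-architecture failure; the daemon.json/systemd part of the hunk is not fully legible here and is left as-is.

```shell
setup_docker_engine() {
  # … unchanged: phase banner and "Docker already installed" early return …
  ARCH=$(uname -m)
  case "$ARCH" in
    x86_64|aarch64) D_ARCH="$ARCH" ;;
    *) log_message "ERROR" "Unsupported architecture: $ARCH (need x86_64 or aarch64)"; exit 1 ;;
  esac

  local binary_file="docker-$DOCKER_VERSION.tgz"
  local download_url="https://$BASE_DOMAIN/linux/static/stable/$D_ARCH/$binary_file"
  # Digest of the pinned DOCKER_VERSION tarball; placeholder, fill in from the upstream release checksums
  local expected_sha256="<FILL-IN: sha256 of $binary_file for DOCKER_VERSION>"
  local work_dir
  work_dir=$(mktemp -d) || { log_message "ERROR" "mktemp failed"; exit 1; }
  trap 'rm -rf -- "${work_dir:?}"' EXIT

  log_message "INFO" "Downloading binaries: $download_url"
  curl -fL "$download_url" -o "$work_dir/$binary_file" || { log_message "ERROR" "Download failed"; exit 1; }
  # Refuse to install anything whose digest does not match the pinned value
  printf '%s  %s\n' "$expected_sha256" "$work_dir/$binary_file" | sha256sum -c --quiet - \
    || { log_message "ERROR" "Checksum mismatch for $binary_file; refusing to install"; exit 1; }
  tar xzf "$work_dir/$binary_file" -C "$work_dir" || { log_message "ERROR" "Extraction failed"; exit 1; }
  sudo cp "$work_dir"/docker/* /usr/bin/
  # … unchanged: daemon.json and systemd unit setup …
```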