|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager, Webtier
RSA Version/Condition: 8.x
|Issue||This article explains and provides a solution for issues which are seen when trying to connect to the RSA web tier from the internet. The requests to the web tier are being routed through a load balancer; in this case, Azure App Gateway.|
The Authentication Manager server was unable to identify the incoming requests though the the backend instance IP addresses of the Azure App Gateway added under the Virtual Host load balancer page in the Operations Console.
|Cause||The error seems to be an issue with the X-forward related configuration on the load balancer. |
The RSA Authentication Manager Server does not expect that the request from the firewall will be sent in the format <IP Address>:<Port> in the header; rather it expects the request contain only the IP address, that is <IP Address>
|Resolution||To resolve the issue, remove x-forwarded-for header which is a comma-separated list of IP:port from the load balancer configuration.|
For more information please refer to the section entitled "Modifications to the request" in the article from Microsoft on How an Azure application gateway works.