000039238 - A Firewall is blocking Remote AFX Agents and Remote Collection Agents from communicating with the Application Server in RSA Identity Governance & Lifecycle

Document created by RSA Customer Support Employee on Aug 15, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039238
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.0.x, 7.1.x
 
IssueA firewall is blocking Remote AFX Agents and Remote Collection Agents from communicating with the RSA Identity Governance & Lifecycle Application Server. The firewall is reporting the communication as a security threat. As a result, neither agent can successfully start.
 
CauseThis is a known issue reported in engineering ticket ACM-92819.

RSA Identity Governance & Lifecycle Root (Server) and Client Certificates are not compliant with the RFC-5280 standard. As a result, firewalls may block communication with Remote AFX Agents and Remote Collection Agents.
 
ResolutionThis issue is resolved in RSA Identity Governance & Lifecycle 7.2.0. Follow these steps to fully resolve the issue:
  1. Upgrade to RSA Identity Governance & Lifecycle 7.2.0.
  2. Regenerate the server and client certificates as instructed in RSA Knowledge Base Article 000038314 -- How to Update the Root (Server) and Client Certificates in RSA Identity Governance & Lifecycle.
WorkaroundOpen up the firewall to allow the communication.
 

Attachments

    Outcomes