LookUp authentication agent failed error in RSA manager? Steps to resolve it?
Hi Team
I have done the integration of RSA manager with fortigate firewall. Created one user in RSA manager for testing purpose and created an entry in fortigate VPN section for login. I have tested the connectivity from fortigate to the RSA Manager. It's working fine. User testing also I have done from the firewall end. I have generated token as well. Now when I am trying to login from Forti client (VPN) I am getting an error as "Permission Denied" and when I checked the logs it says as LookUp authentication agent failed.
Integration model number -
Fortigate 600C software ver. v5.2.3,build670 (GA)
I have also attached a screenshot; kindly have a look.
Regards
Jash Upadhyay
Accepted Solutions
That error message is saying: I see an authentication request coming in from an IP address, but I cannot find that IP address anywhere in my agent config or my radius client config.
You need to create a new radius client with that IP address, and save it, and when saving, choose save and create associated RSA agent, and then save that next screen. Now you have both a radius client entry, and an authentication agent entry. The RSA server can now handle either radius auth, or standard securid auth, [or both], from the IP address.
You either need an authentication agent, or a RADIUS Client with associated Authentication agent. I think most of the Fortigates use RADIUS to talk to SecurID, so the latter, which is described in one of the Implementation Guides I found on RSA Link.
Hi Jay
Thank you for your reply, really appreciate it. I tried checking the user which I created on the RSA manager to connect from the firewall; it's working. But when I connect from forti client (VPN) to internal network I am not able to connect and getting the same error as above. Can you please tell me how should I go about with the troubleshooting?
The link which you provided is the same as the current page.
Regards
Jash Upadhyay
Hi Edward
Thanks for your reply, it helped!!
Regards
Jash Upadhyay
