This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
AlexanderKromat
Beginner
Beginner
‎2019-11-06 02:16 AM

Publish Self-Service Portal via WAF (Sophos UTM)

Jump to solution

Hi,
I'm trying to publish the RSA SecureID self-service portal via a Sophos UTM firewall using the Web Applications Firewall (WAF).
Basically it works too. But individual files are not delivered by the web server. These are CSS and JS files. Publishing via NAT is not an option for me.
I've tried that it ends up on the appliance itself or on the web tier.
Has anyone got an idea? Or does it help to update to a newer version of the RSA server? 8.3 and 8.4 would be possible.
I only found instructions for very old RSA versions with WAF on the internet and it was easy there.
Alex

0 Likes
Reply
1 Solution

Accepted Solutions
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
In response to AlexanderKromat
‎2019-11-07 08:17 AM

Jump to solution

Sorry to say, but this appears to require more hands-on investigation than can be provided in this forum.  You should open a case with RSA Support; you can do this online at  https://community.rsa.com/community/support or by calling the support line +1 800 995 5095.

View solution in original post

Reply
6 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2019-11-06 08:44 AM

Jump to solution

Alexander Kromat‌,

 

I've moved your question to the RSA SecurID Access" data-type="space space where it will be seen by the product's support engineers, other customers and partners.  Please bookmark this page and use it when you have product-specific questions.

 

Alternatively, from the RSA Customer Support page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question.  From there, scroll to RSA SecurID Access" data-type="space‌ and click Ask A Question.  That way your question will appear in the correct space.

 

Regards,

Erica

0 Likes
Reply
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
‎2019-11-06 09:49 AM

Jump to solution

It's hard to comment without knowing more about your current system, but I have a question and two observations:

 

  1. You mention the Self Service Portal. Are you using the SecurID Access Prime Self Service Portal (SSP), or did you mean the Self Service Console that comes with Authentication Manager? There's a difference.
  2. You should definitely be looking into upgrading to AM8.4 if you are still on 8.2 or earlier; there have been many feature, performance and security enhancements and fixes. You may also be running an out-of-support version.
  3. It sounds like you are not using the webtiers to securely expose the Self Service Console.  Why not?  (okay, that's two questions) The webtier is designed to safely sit in a DMZ (or equivalent) behind firewalls and/or load balancers and offload much of the self service session processing from the Primary, as well as provide Dynamic Seed Provisioning capabilities to securely deliver soft token seeds into end user devices via the internet.
Reply
AlexanderKromat
Beginner
Beginner
In response to StevenSpicer
‎2019-11-06 10:04 AM

Jump to solution

Hi,

i try the Self-Service Console from the Authentication Manager and Web Tier. With same effect.

I do not want to NAT Port 443 from external to my Web Tier. This works but the Port 443 is still used for another service. Thats why i want to use WAF and Host-Header selection and URL hardening.

After some additional test it seems to be an problem with the extJS Library used in the portal. All other Links works fine.

 

/console-selfservice/framework/js/extjs/4.0.2a/ext-all.js

 

All modules after that path including extjs are not working, except when connecting directly to the portal. All Files are there.

 

Perhaps an problem with modsecurity.

 

Alex

0 Likes
Reply
AlexanderKromat
Beginner
Beginner
In response to AlexanderKromat
‎2019-11-07 07:39 AM

Jump to solution

Hi,

updated today to AM 8.4 Patch 7 with same problem.

Any ideas?

0 Likes
Reply
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
In response to AlexanderKromat
‎2019-11-07 08:17 AM

Jump to solution

Sorry to say, but this appears to require more hands-on investigation than can be provided in this forum.  You should open a case with RSA Support; you can do this online at  https://community.rsa.com/community/support or by calling the support line +1 800 995 5095.

Reply
AlexanderKromat
Beginner
Beginner
In response to StevenSpicer
‎2019-11-12 05:25 AM

Jump to solution

Ok i open an case.

0 Likes
Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.