Article Number
000039238
Applies To
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 6.9.1, 7.0.x, 7.1.x
Issue
A firewall is blocking Remote AFX Agents and Remote Collection Agents from communicating with the RSA Identity Governance & Lifecycle Application Server. The firewall is reporting the communication as a security threat. As a result, neither agent can successfully start.
Cause
This is a known issue reported in engineering ticket ACM-92819.
RSA Identity Governance & Lifecycle Root (Server) and Client Certificates are not compliant with the RFC-5280 standard. As a result, firewalls may block communication with Remote AFX Agents and Remote Collection Agents.
Resolution
This issue is resolved in RSA Identity Governance & Lifecycle 7.2.0. Follow these steps to fully resolve the issue:
- Upgrade to RSA Identity Governance & Lifecycle 7.2.0.
- Regenerate the server and client certificates as instructed in RSA Knowledge Base Article 000038314 -- How to Update the Root (Server) and Client Certificates in RSA Identity Governance & Lifecycle.
Workaround
Open up the firewall to allow the communication.
