UI not reachable on port 443 in RSA Governance & Lifecycle Virtual Application
2 years ago
Article Number
000068272
Applies To

This is a known issue in the following version:

  • RSA Governance & Lifecycle Virtual Application (OVA) 8.0.0
Issue
After successfully completing the installation/configuration of RSA Governance & Lifecycle Virtual Application (OVA), an attempt to access the UI on port 443 fails with an ERR_CONNECTION_REFUSED error in the browser (e.g., Google Chrome). The UI can be accessed using port 8443.
Cause
Port redirection from 443 to 8443 is not configured by default on RSA Governance & Lifecycle Virtual Application. 
Resolution
This issue has been resolved in the following version/patch:
  • RSA Governance & Lifecycle Virtual Application (OVA) 8.0.0 P01
A workaround is available for the 8.0 GA version of RSA Governance & Lifecycle Virtual Application (OVA). Follow the steps provided in the Workaround section to enable the firewall service and configure port redirection.
Workaround
Follow the steps below to enable the firewall service and configure port redirection on RSA Governance & Lifecycle Virtual Application (OVA). These steps can be carried out before or immediately following the installation/configuration of the Governance & Lifecycle application on the Virtual Application VM.
  1. SSH as root to (or log in as root on the console of) the Virtual Application VM
  2. Enable and start the firewall service:
    systemctl enable firewalld.service
    systemctl start firewalld.service
    
  3. Check the active zone:
    firewall-cmd --get-active-zones
    
    For example, the output may show "docker" as the active zone:
    acm-vapp:~ # firewall-cmd --get-active-zones
    docker
      interfaces: eth0 bond0
    
  4. Open the active zone config file (e.g., docker.xml) with a text editor:
    vi /etc/firewalld/zones/docker.xml
  5. Add the following lines AFTER the last of the lines that look like "<port port=...":
      <forward-port port="443" protocol="tcp" to-port="8443"/>
      <forward-port port="444" protocol="tcp" to-port="8444"/>
  6. Reload the firewall:
    firewall-cmd --reload
  7. The RSA Governance & Lifecycle UI should now be accessible on port 443.
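
The zone-file edit from steps 4 and 5, written as a re-runnable shell function (an added example, not part of the original article or RSA's tooling). The function name `add_forward_port` and its return codes are assumptions made for this example; it refuses to act if the port is already forwarded to a different target or if the file has no `<port port=...>` line to anchor on.

```shell
#!/bin/sh
# Added example, not RSA's code. Idempotent form of step 5.
# Usage: add_forward_port ZONE_FILE PORT TO_PORT
add_forward_port() {
    zone_file=$1; port=$2; to_port=$3
    rule="<forward-port port=\"$port\" protocol=\"tcp\" to-port=\"$to_port\"/>"

    [ -f "$zone_file" ] || { echo "no such zone file: $zone_file" >&2; return 1; }

    # Exact rule already present: nothing to do, so re-runs are safe.
    if grep -qF "$rule" "$zone_file"; then return 0; fi

    # Same source port already forwarded elsewhere: stop, do not stack rules.
    if grep -qF "<forward-port port=\"$port\" " "$zone_file"; then
        echo "port $port is already forwarded in $zone_file" >&2
        return 3
    fi

    # The article anchors on the last <port port=...> line; refuse to guess.
    if ! grep -q '<port port=' "$zone_file"; then
        echo "no <port port=...> line in $zone_file" >&2
        return 2
    fi

    # Keep one pristine backup (first run only).
    [ -e "$zone_file.bak" ] || cp -p "$zone_file" "$zone_file.bak" || return 1

    tmp=$(mktemp) || return 1
    # Insert after the last <port> line, or after an earlier <forward-port> line.
    awk -v rule="$rule" '
        { lines[NR] = $0 }
        /<(forward-)?port port=/ { last = NR }
        END {
            for (i = 1; i <= NR; i++) {
                print lines[i]
                if (i == last) print "  " rule
            }
        }' "$zone_file" > "$tmp" && cat "$tmp" > "$zone_file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# On the appliance (zone name "docker" is the article's example output):
#   add_forward_port /etc/firewalld/zones/docker.xml 443 8443
#   add_forward_port /etc/firewalld/zones/docker.xml 444 8444
#   firewall-cmd --reload
#   firewall-cmd --zone=docker --list-forward-ports
```

The final `--list-forward-ports` call confirms that only the two intended redirections are active in the zone after the reload.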
Notes
The default firewall service has changed from SuSEfirewall2 in SecurID Governance & Lifecycle Virtual Application 7.5.2 (based on SLES 12) to Firewalld in RSA Governance & Lifecycle Virtual Application 8.0.0 (based on SLES 15).