An agent has a problem with two CA WA (DSeries) managers that reside behind a firewall. The agentparm.txt file is configured for the 'public' IP address yet at some point the agent will start attempting to communicate with the private address.

Document ID : KB000052874
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

An agent has a problem with a CA WA (DSeries) manager that resides behind a firewall. The firewall is configured to do a NAT from private IP to public. The agentparm file is configured for the 'public' IP address of servers yet at some point the agent will start attempting to communicate with the private address. The agent has 'Remember Manager address changes between restarts' set to false. A restart of the agent clears things up for sometime but error re-occurs eventually.

Solution:

When a manager is behind firewall with private IP, it will try to change the IP address of the agent on the other side of the firewall.

To prevent this from happening, and to make the agent to ignore the IP change commands sent by the manager, enable agent security and add CONTROL MGR line in the security.txt in the agents install dir. Example of security.txt:

c a * * *
c d * CONTROL MGRADDR
f d * * +
x d * * +

An alternative solution is to let the manager talk to the agent without firewall translating the IP address. This may not always be acceptable to customer as it may raise certain networking and security issues.