Policy server can't connect locally on ports 44441-44444


Article ID: 131795


Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign-On, SITEMINDER, CA Single Sign On Agents (SiteMinder)

Issue/Introduction

We're running a Policy Server and when we try to reach its ports using
telnet from range 44441 to 44444 and from a Web Agent machine, we get
the error "Connection refused". Could you help us to make the ports
available?
 

Cause

On the Policy Server machine:

- Temporarily disable SELinux:

  # setenforce 0 

  How can I Disable SELinux in CentOS 7/6 and Fedora 18-24 
  https://www.tecmint.com/disable-selinux-temporarily-permanently-in-centos-rhel-fedora/ 

- Temporarily disable the firewall:

  # iptables -F 

- Verify that SELinux is disabled

  Run the command

  # getenforce

  It should give

  disabled

  Run the command

  # iptables -L 

  It should give:

  Chain INPUT (policy ACCEPT) 
  target prot opt source destination 

  Chain FORWARD (policy ACCEPT) 
  target prot opt source destination 

  Chain OUTPUT (policy ACCEPT) 
  target prot opt source destination 

  Start the Policy Server and try to reach the Policy Server ports.
 

Environment

  Policy Server 12.8 on RedHat 7; 

Resolution

Modifying the iptables (firewall) rules and applying the SELinux
configuration as per the documentation made the Policy Server ports available.
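
The two conditions the steps above test by flushing the rules can also be checked per port. This is an added example, not part of the original article or vendor code; the function names and the sample `ss -ltn` and `iptables -S INPUT` text are constructed, and the rule evaluation is a simplified first-match reading of the INPUT chain.

```shell
# Added example, not vendor code. Sample inputs below are constructed.
PORTS="44441 44442 44443 44444"

# ports_listening SS_TEXT: print the ports in $PORTS that have a TCP listener.
# SS_TEXT is `ss -ltn` output; Local Address:Port is column 4.
ports_listening() {
    _out=""
    for _p in $PORTS; do
        if printf '%s\n' "$1" | awk -v s=":$_p" '
            $1 == "LISTEN" && substr($4, length($4) - length(s) + 1) == s { f = 1 }
            END { exit !f }'; then
            _out="$_out $_p"
        fi
    done
    echo "${_out# }"
}

# port_verdict RULES PORT: first-match verdict for a new inbound TCP connection.
# RULES is `iptables -S INPUT` output. Simplification (assumption): rules with
# any condition other than "-p tcp" / "--dport" are treated as not matching.
port_verdict() {
    printf '%s\n' "$1" | awk -v port="$2" '
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
        target = ""; dport = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "--dport") { dport = $(i + 1); i++ }
            else if (($i == "-p" || $i == "-m") && $(i + 1) == "tcp") { i++ }
            else { other = 1 }
        }
        if (other) next
        n = split(dport, r, ":"); lo = r[1]; hi = (n == 2 ? r[2] : r[1])
        if (dport != "" && (port + 0 < lo + 0 || port + 0 > hi + 0)) next
        print target; done = 1; exit
    }
    END { if (!done) print policy }'
}

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:44441      0.0.0.0:*
LISTEN 0      128    0.0.0.0:44443      0.0.0.0:*'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 44441:44442 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
for p in $PORTS; do
    echo "port $p: firewall=$(port_verdict "$SAMPLE_RULES" "$p")"
done
echo "listening: $(ports_listening "$SAMPLE_SS")"
```

On a live Policy Server host, pass `"$(ss -ltn)"` and `"$(iptables -S INPUT)"` in place of the samples.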

Additional Information

(Optional) Add Exceptions to Security–Enhanced Linux (SELinux) 
https://docops.ca.com/ca-single-sign-on/12-8/en/installing/install-a-policy-server/install-policy-server-on-unix/run-the-installer 

The firewall and SELinux commands above are temporary settings. To
prevent the issue from recurring, you may want to disable the firewall and
SELinux permanently:

SELinux 

Configure Security–Enhanced Linux (SELinux) to Work with CA Single Sign-On 
Follow these steps: 

Access the /etc/selinux/config file. 
Run the following command to check the current status: 

sestatus 

If SELinux is set to enforcing, change the status to either permissive
or disabled.

SELINUX=permissive 

or 

SELINUX=disabled 
