search cancel

What is the impact of "Stealth-mode Windows Firewall" setting on Policy Server?

book

Article ID: 21153

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

The Windows Firewall Stealth Mode is set by Default on Windows 2008 R2 server : http://technet.microsoft.com/en-us/library/dd448557%28WS.10%29.aspx

Failover for Webagent connected to Policy Server Running on Windows 2008 R2 having Windows firewall enabled (Stealth mode) can take more time.

Solution:

We do support firewall Stealth mode on the Policy Server.

The Stealth mode stops the RST message on PS process shutdown, web agent will wait on timeout to happen and will take more time to detect that the Policy Server is down.

Enabling Agent side Keep alive will help on detecting the Bad connection early.

Disabling the Stealth mode flag should not affect any SiteMinder functionality.

The stealth mode can be switched off :

http://msdn.microsoft.com/en-us/library/ff720058%28v=prot.10%29.aspx

Environment

Release:
Component: SMPLC