Symantec Access Management

  • 1.  arcotafm.log not showing the actual ClientIP Address

    Posted Apr 08, 2021 10:44 PM
    Edited by Mohammad Javed Apr 08, 2021 10:47 PM

    Dears,

    The ClientIP in the arcotafm.log is not capturing the actual IP address of the user who has initiated the request. Instead, it is capturing the Access Gateway IP address, which is 192.168.1.2.

    I believe that for the Risk authentication rules, such as Geolocation, Anonymous IPs, etc., this ClientIP is being checked by the Risk authentication module and not the X-FORWARDED-FOR header. Please confirm!

    If ClientIP is being checked, then it is important that this ClientIP reflects the right IP address. I can see that the X-FORWARDED-FOR header is capturing the right IP address.

    Kindly let us know how we can capture the original IP address in the ClientIP.

    Below is the reference log:

    Arcotafm.log:

    2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> X-FORWARDED-FOR Header passed ::5.41.150.114 |20210322072803.310.98fed189
    2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> As X-FORWARDED-FOR functionality not enabled, ignoring X-FORWARDED-FOR header |20210322072803.310.98fed189
    2021-03-22 10:28:05,153 [http-nio-8080-exec-5] INFO  integrations.frontend.LifeCycleStateData(729) [] -> Setting ClientIP as 192.168.1.2 for request processing, whereas Remote ClientIP passed to AFM as 192.168.1.2 |20210322072803.310.98fed189

    Best Regards



  • 2.  RE: arcotafm.log not showing the actual ClientIP Address

    Broadcom Employee
    Posted Apr 11, 2021 05:35 PM
    Hi Javed,

    By default, this setting is disabled in the product after version 8.2.02. Which version are you running? You need to open the ARCOT_HOME/conf/afm/arcotafm.properties file and then change the value to true for the parameter below:
    # ==========================================================================
    # X-FORWARDED-FOR functionality parameters
    # ==========================================================================
    XFFEnabled=false

    This will need a restart of the application server to take effect.

    -Namish


  • 3.  RE: arcotafm.log not showing the actual ClientIP Address

    Posted Apr 14, 2021 03:55 AM
    Dear Namish Tiwari,

    Thanks for your quick support. It works now after configuring the XFFEnabled=true.






  • 4.  RE: arcotafm.log not showing the actual ClientIP Address

    Posted May 15, 2021 05:11 AM
    Dear Namish Tiwari,

    Just a query! Now, after enabling this parameter, I can see that the X-Forwarded IP is being captured in the Client IP, but the Remote Client IP passed to AFM is still capturing the CA Access Gateway IP. So I just wanted to confirm that the Remote Client IP has no role to play in the Risk rules, right? Risk rules will always consider only the Client IP address, which has the X-Forwarded IP, correct?

    Arcotafm.log:

    2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> X-FORWARDED-FOR Header passed ::5.41.150.114 |20210322072803.310.98fed189
    2021-03-22 10:28:05,153 [http-nio-8080-exec-5] DEBUG integrations.frontend.LifeCycleStateData(717) [] -> As X-FORWARDED-FOR functionality not enabled, ignoring X-FORWARDED-FOR header |20210322072803.310.98fed189
    2021-03-22 10:28:05,153 [http-nio-8080-exec-5] INFO  integrations.frontend.LifeCycleStateData(729) [] -> Setting ClientIP as 5.41.150.114 for request processing, whereas Remote ClientIP passed to AFM as 192.168.1.2 |20210322072803.310.98fed189

    Best Regards,
    Javed




  • 5.  RE: arcotafm.log not showing the actual ClientIP Address

    Broadcom Employee
    Posted May 17, 2021 10:34 AM
    Hi Javed,

    Your assumptions are correct here. You can also run the analyze transactions report and see the client IP address in that, just to confirm.
    -Namish
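
Added example, not part of the thread or of the product: a small Python audit of arcotafm.log that reports, per transaction, whether the ClientIP used for request processing came from the X-FORWARDED-FOR header or is still the proxy address. The regexes follow the log lines quoted above; the `TRUSTED_GATEWAYS` set, the finding names and the sample lines are assumptions made for this sketch.

```python
import re

# Patterns follow the arcotafm.log lines quoted in this thread.
XFF_RE = re.compile(r"X-FORWARDED-FOR Header passed ::(\S+) \|(\S+)")
SET_RE = re.compile(
    r"Setting ClientIP as (\S+) for request processing, "
    r"whereas Remote ClientIP passed to AFM as (\S+) \|(\S+)"
)
# Assumption: the gateway address from the thread is the only trusted proxy.
TRUSTED_GATEWAYS = {"192.168.1.2"}

# Constructed sample lines (documentation IPs, made-up transaction ids).
SAMPLE = [
    "DEBUG -> X-FORWARDED-FOR Header passed ::203.0.113.7 |txn-a",
    "INFO -> Setting ClientIP as 192.168.1.2 for request processing, whereas Remote ClientIP passed to AFM as 192.168.1.2 |txn-a",
    "DEBUG -> X-FORWARDED-FOR Header passed ::203.0.113.7 |txn-b",
    "INFO -> Setting ClientIP as 203.0.113.7 for request processing, whereas Remote ClientIP passed to AFM as 192.168.1.2 |txn-b",
    "DEBUG -> X-FORWARDED-FOR Header passed ::203.0.113.7 |txn-c",
    "INFO -> Setting ClientIP as 203.0.113.7 for request processing, whereas Remote ClientIP passed to AFM as 198.51.100.9 |txn-c",
    "INFO -> Setting ClientIP as 192.168.1.2 for request processing, whereas Remote ClientIP passed to AFM as 192.168.1.2 |txn-d",
]


def audit(lines):
    """Return {transaction_id: finding} for each 'Setting ClientIP' line."""
    xff_by_txn, findings = {}, {}
    for line in lines:
        m = XFF_RE.search(line)
        if m:
            xff_by_txn[m.group(2)] = m.group(1)
            continue
        m = SET_RE.search(line)
        if not m:
            continue
        client, remote, txn = m.groups()
        xff = xff_by_txn.get(txn)
        if xff is None:
            findings[txn] = "no_xff_header"
        elif client == remote:
            # Header was sent but not used: ClientIP is the proxy address.
            findings[txn] = "xff_ignored"
        elif remote not in TRUSTED_GATEWAYS:
            # The header is client-supplied; only a known proxy should set it.
            findings[txn] = "xff_from_untrusted_peer"
        elif client == xff:
            findings[txn] = "xff_applied"
        else:
            findings[txn] = "client_ip_mismatch"
    return findings
```

Run `audit(open(path))` against a copy of the log after changing `XFFEnabled`; any `xff_ignored` or `xff_from_untrusted_peer` finding is worth reviewing before relying on IP-based risk rules.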


  • 6.  RE: arcotafm.log not showing the actual ClientIP Address

    Posted May 18, 2021 06:26 AM
    Dear Namish,

    Thank you very much for your kind and quick support. We really appreciate that.

    Best Regards