Client Authentication Agent disconnects each firewall rules changes

Hi Dave,

You can send the community thread link to support team, indicating that this is tested and confirmed.

Please DM me the case#.

Thanks

I have tested the Client Authentication Agent in a Linux PC in verbose mode, and always I edit the policy rule it also disconnects but reconnects again, here are the logs:

caa started in foreground mode.
Connecting to host 1.2.3.4 ...
Connected with AES256-SHA encryption.
Login was accepted.
PONG sent!
1 IPv4 addresses sent!
1 IPv6 addresses sent!
1 MAC addresses sent!
OK Notification received.
OK Notification received.
OK Notification received.
PING received.
PONG sent!
Type 23 Message received (5 Bytes): 23 0 1 0 10
Function SSL_read() failed! Error code: 6
Connecting to host 1.2.3.4 ...
Connected with AES256-SHA encryption.
Login was accepted.
PONG sent!
1 IPv4 addresses sent!
1 IPv6 addresses sent!
1 MAC addresses sent!
OK Notification received.
OK Notification received.
OK Notification received.
PING received.
PONG sent!
Function SSL_read() failed! Error code: 6
Connecting to host 1.2.3.4 ...
Connected with AES256-SHA encryption.
Login was accepted.
PONG sent!
1 IPv4 addresses sent!
1 IPv6 addresses sent!
1 MAC addresses sent!
OK Notification received.
OK Notification received.
OK Notification received.
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
Function SSL_read() failed! Error code: 6
Connecting to host 1.2.3.4 ...
Connected with AES256-SHA encryption.
Login was accepted.
PONG sent!
1 IPv4 addresses sent!
1 IPv6 addresses sent!
1 MAC addresses sent!
OK Notification received.
OK Notification received.
OK Notification received.
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
PING received.
PONG sent!
Function SSL_read() failed! Error code: 6
Connecting to host 1.2.3.4 ...
Connected with AES256-SHA encryption.
Login was accepted.
PONG sent!
1 IPv4 addresses sent!
1 IPv6 addresses sent!
1 MAC addresses sent!
OK Notification received.
OK Notification received.
OK Notification received.

In Windows 7 machines the CAA does not reconnects again altough there is no antivirus installed.

Sachin,

We are still waiting for feedback regarding this case. I did as you suggested and updated our case with this forum post. I also sent you the case #

I will keep everyone up to date when I get an answer on our open case.

Dave

Just wanted to give anyone watching this thread an update:

Case has been open for almost 2 months and was escalated to the Development Team. No other information has been given.

Dave

Hi Dave,

The behavior is reported in NC-5322. Our development team is working on a fix. Unfortunately, I do not have any update about when the fix will be completed.

Thanks for your patience. 

I have been using XG for some time, and recently switched to the beta16 load.  I also recently started turning on some of the firewall features, including using CAA on all non-server PCs, laptops, and mobile devices.  For the Windows 10 systems, I believe I've seen the same issues as those listed here, but I cannot verify that it is always a firewall policy change that causes the disconnect.  There are times that CAA becomes disconnected (most notably recently after a firmware upgrade which restarted XG).  I have been changing policies quite a bit lately, so it is possible that is also a cause of the disconnect, but I haven't made any direct observations about that. 

What is annoying is that CAA does not try to reconnect on its own.  It will connect automatically when the user logs in, but a disconnect on a running system requires the user to open CAA and confirm their login credentials.  It seems to me that CAA should try to reconnect to the firewall on its own.

Fortunately I've only turned this on for about 5 or so clients.  This would really be annoying on a large user base.

So I would expect this to be fixed sometime soon.  And, if this can be fixed on CAA only, please release and provide new CAA executables and instructions for replacing the CAA instance in the firewall so the new version is presented on the client portal.

Any updates on this issue?

Thanks

Hi Kumar,

It is still under development.

Thanks

Can anyone confirm if this has been corrected in v16?

Since v16, I am not experiencing this issue anymore.
Using CAA on MAC OSX 10.10.5