PingAccess

Agent field descriptions

The following table describes the fields available for managing applications in the Agents window.

Field Required Description

Name

Yes

Enter a unique alphanumeric name for the agent, up to 64 characters.

Description

No

Enter an optional description for the agent and its purpose.

PingAccess Host

Yes

In the PingAccess Host fields, enter the Hostname and Port of the PingAccess server where the agent should send requests.

The PingAccess Hostname and Port might not be the actual host and port to which that policy server is listening, depending on network routing configuration and network elements such as reverse proxies and load balancers. The PingAccess Host and PingAccess Port are where the agent sends its requests. For example, if you have a cluster of engines behind a load balancer, the PingAccess Host and PingAccess Port values might point to the load balancer, rather than directly to an engine host in order to provide fault tolerance for the agent connectivity.

Failover Host

No

In the Failover Host fields, enter the Hostname and Port of the PingAccess server where the agent should send requests in the event of a failover from the PingAccess Host.

Additional failover hosts can be added using the application programming interface (API). For more information, see the PingAccess API Management Guide.

Agent Trusted Certificate

Yes

Specify the Agent Trusted Certificate to export in the agent properties file. The agent uses the selected certificate to communicate with the PingAccess engine using Secure Sockets Layer (SSL)/TLS. PingAccess gathers these certificates from imported certificates. If the appropriate certificate is not available, it needs to be imported into the system.

You must specify the certificate authority (CA) root certificate if the agent listener presents a CA-signed certificate chain.

Override Request IP Source Configuration

No

If required, select Yes to Override Request IP Source Configuration and enable additional controls that configure the agent to use different Internet Protocol (IP) source information.

  1. Enter the header names used to identify the source IP address.

  2. If more than one value is included in the Header Names field, use List Value Location to specify whether the first value or the last value in the list is used as the source address. The default value is Last.

  3. Select Fall Back to Last Hop IP to use the last hop IP address as the source address when none of the listed header names are found. When this option is not selected, if none of the listed header names are found, access is denied and a Forbidden result is returned.

Override Unknown Resource Configuration

No

If required, select Yes to Override Unknown Resource Configuration to specify how requests for unknown resources are handled. This mode is optional. If not set, the default agent mode will be used. Select a Mode to specify how requests for unknown resources are handled, either Deny or Pass-Through.

Max Retries

Yes

Enter the number for Max Retries before considering a PingAccess server unavailable.

Failed Retry Timeout

Yes

Enter the number, in seconds, for the Failed Retry Timeout before retrying a failed PingAccess server.