PingAccess

Agent field descriptions

The following table describes the fields available for managing applications in the Agents window.

Field Required Description

Name

Yes

Enter a unique alphanumeric name for the agent, up to 64 characters.

Description

No

Enter an optional description for the agent and its purpose.

PingAccess Host

Yes

In the PingAccess Host fields, enter the Hostname and Port of the PingAccess server where the agent should send requests.

The PingAccess Hostname and Port might not be the actual host and port to which that policy server is listening, depending on network routing configuration and network elements such as reverse proxies and load balancers.

The PingAccess Host and PingAccess Port are where the agent sends its requests. For example, if you have a cluster of engines behind a load balancer, the PingAccess Host and PingAccess Port values might point to the load balancer rather than directly to an engine host, to provide fault tolerance for the agent connectivity.

Failover Host

No

In the Failover Host fields, enter the Hostname and Port of the PingAccess server where the agent should send requests in the event of a failover from the PingAccess Host.

Additional failover hosts can be added using the application programming interface (API).

Agent Trusted Certificate

Yes

Specify the Agent Trusted Certificate to export in the agent properties file.

The agent uses the selected certificate to communicate with the PingAccess engine using Secure Sockets Layer (SSL)/TLS. PingAccess gathers these certificates from imported certificates. If the appropriate certificate is not available, you must import it into the system.

You must specify the certificate authority (CA) root certificate if the agent listener presents a CA-signed certificate chain.

Override Request IP Source Configuration

No

If required, select Yes to Override Request IP Source Configuration and enable additional controls that configure the agent to use different Internet Protocol (IP) source information:

  1. Enter the header names used to identify the source IP address.

  2. If more than one value is included in the Header Names field, use List Value Location to specify whether the first or last value in the list is used as the source address.

    The default value is Last.

  3. Select Fall Back to Last Hop IP to use the last hop IP address as the source address when none of the listed header names are found.

    When this option isn’t selected, if none of the listed header names are found, access is denied and a Forbidden result is returned.

Override Unknown Resource Configuration

No

If required, select Yes, then select a Mode to specify how requests for unknown resources are handled: either Deny or Pass-Through.

This mode is optional. If it isn’t set, the default agent mode will be used.

Require Token Authentication

No

Select this checkbox to require all PingAccess agents to use bearer token authentication in addition to the shared secret when making requests to the PingAccess engine nodes.

Learn more about setting up this configuration in Configuring PingAccess agents to use bearer token authentication.

The PingAccess agents haven’t been updated to support bearer token authentication yet. Keep this checkbox cleared until agent compatibility is added and all agents have been updated to the supported version.

Max Retries

Yes

Enter a number specifying how many times an agent should try contacting a PingAccess server before considering it unavailable.

Failed Retry Timeout

Yes

Enter a number, in seconds, specifying how long an agent should wait before retrying a failed PingAccess server.
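
How the three Override Request IP Source Configuration controls in the table above interact, shown as an added Python model that is not PingAccess code. It assumes header names are tried in the order listed, that List Value Location selects among the comma-separated values of the matched header, and that a malformed address is denied; the function and sample names are hypothetical.

```python
import ipaddress


class Forbidden(Exception):
    """No usable source address; models the Forbidden result in the table."""


def resolve_source_ip(headers, last_hop_ip, header_names,
                      list_value_location="Last", fall_back_to_last_hop=False):
    """Pick the request's source IP from the configured header names.

    headers:     dict of request header name -> raw header value
    last_hop_ip: address of the peer that connected directly
    Assumptions of this sketch: names match case-insensitively, in the
    order configured; an empty header counts as not found.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in header_names:
        raw = lowered.get(name.lower())
        if raw is None:
            continue
        values = [v.strip() for v in raw.split(",") if v.strip()]
        if not values:
            continue
        # List Value Location: "First" or "Last" (the page's default is Last).
        chosen = values[0] if list_value_location == "First" else values[-1]
        try:
            return str(ipaddress.ip_address(chosen))
        except ValueError:
            # Assumption: a value that is not an IP address is denied.
            raise Forbidden(f"malformed address in {name!r}") from None
    if fall_back_to_last_hop:
        return last_hop_ip  # Fall Back to Last Hop IP selected
    raise Forbidden("none of the configured header names were found")


# Constructed request: the client supplied "10.1.1.1" in the header and the
# load balancer in front of the agent appended the address it actually saw.
SAMPLE_HEADERS = {"X-Forwarded-For": "10.1.1.1, 198.51.100.20"}
SAMPLE_LAST_HOP = "10.0.0.2"  # constructed: the load balancer itself

if __name__ == "__main__":
    for location in ("Last", "First"):
        ip = resolve_source_ip(SAMPLE_HEADERS, SAMPLE_LAST_HOP,
                               ["X-Forwarded-For"], location)
        print(f"List Value Location={location}: source IP {ip}")
```

With the sample request, Last yields the value appended by the nearest proxy, while First yields the value the client sent, so IP-based rules see different addresses depending on this setting.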