7 Replies Latest reply on Jan 31, 2019 11:37 PM by J_Siroky

    CSA web issue

    J_Siroky Apprentice

      Hello,

       

      when I want to access the CSA web portal... test.test.com/bgs I get this:

       

                 

      The website declined to show this webpage

      HTTP 403  
          

      Most likely causes:

      • This website requires you to log in.
          

      What you can try:

          
         Go back to the previous page.
          
      More information

      This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

      For more information about HTTP errors, see Help.

       

       

      Do you know where the problem could be?

       

      We have the latest version of the CSA server.

       

      Thank you

        • 1. Re: CSA web issue
          masterpetz ITSMMVPGroup

          Hi,

           

          it seems you have a typo in your URL, it's not "bgs" but "gsb".

           

          Kind regards

          Christian

          • 2. Re: CSA web issue
            J_Siroky Apprentice

            I'm sorry, that was my fault... when I put GSB or RC there I get:

             

            This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.

            For more information about HTTP errors, see Help.

            • 3. Re: CSA web issue
              J_Siroky Apprentice

              Could it be some issue on the IIS? It looks like the problem is on the backend server...

               

              Also, I'm able to reach the CSA site from outside at https://test.csa.test but I'm not able to reach https://test.csa.test/gsb or RC.

              • 4. Re: CSA web issue
                LANDeskWizard SSMMVPGroup

                Take a look at the following doc. It may help. I am on the latest CSA and have not run across logs filling up, but it's worth a shot. Another thing you may want to look at is how the internal firewall is set up on the CSA. I disable mine as it is not needed in our environment.

                 

                Issue: Logs Fill Up CSA

                • 5. Re: CSA web issue
                  bdleedy Apprentice

                  I have the same issue.

                   

                  Internally I can't get to gsb, externally I can. Any resolution to this?

                  • 6. Re: CSA web issue
                    Peter Massa Expert

                    This is due to a security feature that was added to the CSA.

                     

                    It will block the management pages on the CSA from the lowest eth port on the host.

                     

                    So the old recommended config of eth0 being internal and eth1 being external is now reversed to eth0 being external and eth1 being internal.

                     

                    The note from Ivanti support I got when troubleshooting this is:
                    "Patch does indeed block external access as long as the CSA is configured in a specific manner IE: lowest numbered NIC is external facing. This is not configurable and per PSE the current CSA framework doesn't allow for them to be able to code the configuration steps necessary to make it configurable."

                     

                    I had to flip the configuration of our network on our vCSAs in VMware to be the first eth as external and other one as internal.  Took about 20 minutes and no issues came from it.

                     

                    The intention of this security feature is to prevent external access to the management pages, even if credentials were compromised.

                     

                    Hope this helps,

                    Peter

                    • 7. Re: CSA web issue
                      J_Siroky Apprentice

                      I have found an issue with the communication on our NetScaler. Be sure that you have opened communication on HTTPS, TCP 443, TCP 22 between the Core and the Gateway, and also from the CSA to the target machine on http/80 and https/443. Also, we post the public certificate, not the internal one.