No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

TSM inherit according to department policy lead to can't access controlled domain and post domain

Publication Date:  2012-10-19 Views:  48 Downloads:  0
Issue Description
A test site deployed TSM and then access pre-authentication domain, post-authentication domain and isolation domain normally, observe again after two hours later found it can’t access the post-authentication domain and isolation domain.
Alarm Information
None.
Handling Process
Check the authentication status of the terminal: authenticate successful
Check the linkage state of TSM server: SACG/SC communicate successful
Log in USG5100 checking account rules state: shows that the account rule is “role 0”, which is the pre-authentication domain strategy “ACL 3099”, therefore can’t access post-authentication domain.
Log in TSM management page inspecting rules application, found the department the user accounts in is the root department, strategy is set to "inherit the superior department strategy", after change it into "custom Settings" choose corresponding isolation domain and post-authentication domain, re-linkage SACG hardware.
Terminal authenticates again, can access the post-authentication domain normally, fault resumed.
Root Cause
Login SACG checking the rules when the fault appears, found that after terminal authentication through the post-authentication domain rules are not applied to the corresponding account, when linkage strategies it becomes no effective sometimes.
Suggestions
Root department is the top departments, there is no superior department strategy to inherit, so sometimes it will appear corresponding issued strategies are unable to identify, leading to control strategy failure, the top departments must choose custom strategy.

END