No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting of Online User Is Zero--TSM SSO For Internet Access User (User-Initiated Authentication) For USG6600 (V200R006C10SPC100)

Publication Date:  2016-05-13 Views:  104 Downloads:  0
Issue Description
After configured for TSM SSO For Internet Access of Online User  (User-Initiated Authentication) and found the online user is zero.
Alarm Information
Online User on USG 6600 is zero.
Handling Process

1. After configured for TSM SSO For Internet Access of Online User  (User-Initiated Authentication) and found the online user is zero. The online user even can be found on the TSM.

2. Check the setting for USG6600 “Object > User > User Import > Server Import.”. The Target User Group is default. And there is no mistake for this.
3. Set debugging and check the information. The steps just as below:
<USG6600>system-view
[USG6600]diagnose
[USG6600-diagnose]debugging user-manage tsm-sso all
[USG6600-diagnose] terminal debugging
[USG6600-diagnose]terminal monitor
4. Let the user online again and found the information for the user on the TSM.

5. There is not any information show up, even the user online again.
[USG6600-diagnose]terminal debugging  09:31:12  2016/05/12 Info: Current terminal debugging is on 
[USG6600-diagnose]terminal monitor  09:33:37  2016/05/12 Info: Current terminal monitor is on 
[USG6600-diagnose]
6. Check the Online Behavior Management of USG6600 on TSM. And the information of USG6600 just as below:

7. Check the information of TSM “Object>TSM”. And there is no mistake for the information of TSM

8. Capture the packet on the TSM And found the packets have already been sent to USG.

9. It should be there is some mistake for the security policy. Check the setting of “Policy>Security Policy>Security Policy”. Enable the default policy.

10. Check the “ Object>Online User” and the user online now.

11. Root cause: The security policy of USG is not enabled and permit for the corresponding zone.


Root Cause
The security policy of USG is not enabled and permit for the corresponding zone.
Suggestions
During the Troubleshooting, using different way to reduce the arrange of  possible root cause. That will be helpful for the work.

END