No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The users’ security-group information is different with AD server.

Publication Date:  2018-03-31 Views:  71 Downloads:  0
Issue Description

The users’ security-group information is different with AD server and not synchronize.

Handling Process

1.     Checked the firewall configuration, customer didn’t configure synchronization with AD server automatically.

2.     Chatted with customer, they loaded user from AD to firewall, and then bind username and ip address. At last they changed the security-group from AD server.

3.     If you select “Overwrite existing user records” and a user already exists, the FW overwrites the original user attributes. Then the username and ip address binding information will disappear.

4.     If you deselect “Overwrite existing user records” and a user already exists on a FW, the FW skips the user. Then the new security-group of AD server will not synchronize to firewall.

Root Cause

Customer want to overwrite the user from AD to firewall but keep ip address binding, firewall principle is different with it.



Solution

1. Change the security-group on AD server and synchronize to firewall.

2. Bind ip address on firewall again.

END