A company deploys the Secospace TSM and a USG2200 near the core device to interwork with the TSM server. When the user accesses the Web without installing a TSM client, the USG2200 automatically pushes a download page, preventing the user from accessing the intranet. However, certain users can access the intranet resources without installing a client, and the firewall does not push pages.
To ensure that the TSM SC is compatible with the USG2200, the TSM SC does not deliver the clearing order to the USG2200, because certain firewalls of old versions (such as the Eudemon series) do not support this order. If this problem occurs on the USG2200, manually modify the script of the TSM SC. After the TSM SC restarts, not only is the information about firewall V1R2C01SPC100 or later cleared, but the information about online users is also cleared.
Do as follows:
Open the C:\Program Files\TSMServer\tomcat\secospace\secospace.properties file in the installation directory of the SC server.
Set the attribute flag to enable, as shown in the following figure:
Log in to the USG2200, and enter the display right-manager online-users command to query the user's online status. See the following figure:
In fact, the user whose account is XXX has logged out: if you log in to the TSM management page, the account XXX is shown as offline. However, the terminal (IP address: 10.116.17.28) corresponding to XXX can still access internal resources without an installed client and without authentication.
It is probable that the successful login of the account XXX was recorded on the USG2200 and the network access right was enabled. The account XXX has since logged out, but the information on the TSM server has not been synchronized to the USG2200.
Enter the display right-manager server-group command again to query the status of the server. It is active.
By querying the status of the TSM server, we discover that the user restarted the server on August 16.
The user restarted the server while the account XXX was logged in. After the server is restarted, the SC is refreshed and the login information about the account XXX is cleared from the server. However, the server does not deliver the clearing order to the firewall, so the information about the account XXX still exists on the firewall.
This problem occurs with low probability: it occurs only when the server is restarted while the terminal is online. By default, to ensure compatibility between the USG2200 and the TSM, modifying TSM system parameters is not recommended.
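The mismatch described above (an entry still authorized on the firewall while the account is offline on the TSM) can be checked by reconciling the two views. The following is an added example, not part of the original case or of any Huawei tool. The one-entry-per-line "account ip login-time" export format, the timestamps, the year and all accounts other than XXX are constructed assumptions and do not represent the real output of display right-manager online-users.

```python
from datetime import datetime
from typing import NamedTuple

# Constructed sample data (assumed format, not real device output).
FIREWALL_EXPORT = """\
XXX 10.116.17.28 2011-08-15T09:12:00
alice 10.116.17.40 2011-08-16T14:05:00
bob 10.116.17.41 2011-08-16T15:30:00
carol 10.116.17.52 2011-08-16T16:45:00
"""
TSM_ONLINE = {"alice", "bob"}             # accounts the TSM reports as online
SC_RESTART = datetime(2011, 8, 16, 10, 0)  # constructed restart time


class Entry(NamedTuple):
    account: str
    ip: str
    login: datetime


def parse_export(text):
    """Parse 'account ip login-time' lines; reject anything malformed."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {n}: expected 3 fields, got {len(parts)}")
        entries.append(Entry(parts[0], parts[1], datetime.fromisoformat(parts[2])))
    return entries


def find_stale(entries, tsm_online, sc_restart):
    """Return firewall entries whose account is not online on the TSM."""
    stale = []
    for e in entries:
        if e.account in tsm_online:
            continue
        # A login older than the SC restart matches the failure in this case:
        # the restart cleared the SC, but no clearing order reached the firewall.
        reason = ("login predates SC restart" if e.login < sc_restart
                  else "offline on TSM, login after restart")
        stale.append((e.account, e.ip, reason))
    return stale


if __name__ == "__main__":
    for account, ip, reason in find_stale(
            parse_export(FIREWALL_EXPORT), TSM_ONLINE, SC_RESTART):
        print(f"{account:8} {ip:15} {reason}")
```

Entries reported with a login older than the SC restart fit the root cause in this case; entries with a later login point to a different synchronization problem and need separate investigation.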