1. After configured for TSM SSO For Internet Access of Online User (User-Initiated Authentication) and found the online user is zero. The online user even can be found on the TSM.
2. Check the setting for USG6600 “Object > User > User Import > Server Import.”. The Target User Group is default. And there is no mistake for this.
3. Set debugging and check the information. The steps just as below:
[USG6600-diagnose]debugging user-manage tsm-sso all
[USG6600-diagnose] terminal debugging
4. Let the user online again and found the information for the user on the TSM.
5. There is not any information show up, even the user online again.
[USG6600-diagnose]terminal debugging 09:31:12 2016/05/12 Info: Current terminal debugging is on
[USG6600-diagnose]terminal monitor 09:33:37 2016/05/12 Info: Current terminal monitor is on
6. Check the Online Behavior Management of USG6600 on TSM. And the information of USG6600 just as below:
7. Check the information of TSM “Object>TSM”. And there is no mistake for the information of TSM
8. Capture the packet on the TSM And found the packets have already been sent to USG.
9. It should be there is some mistake for the security policy. Check the setting of “Policy>Security Policy>Security Policy”. Enable the default policy.
10. Check the “ Object>Online User” and the user online now.
11. Root cause: The security policy of USG is not enabled and permit for the corresponding zone.