Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Gary_Partner
Participant

Identity sharing in a split R77/R80 environment

Approximately halfway complete with migration to R80.10 from R77.30.  Have encountered errors related to identity awareness, and what appears to be identity sharing that's failing between gateways running R77.30 vs R80.10.  This is causing one segment of my users to be unable to connect to the Internet.  From what I've found so far it looks to be due to the fact that identity sharing services are not implied between the 2 versions, therefore tcp/15105 and tcp/28581 are blocked by the R80.10 gateways.  We are using the identity collector for the R80.10 gateways, AD Query in R77.30 with a distributed environment with PEPs and PDPs.  Can anyone speak to a recommended workaround until I'm able to migrate the remaining gateways to R80.10? 

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

The underlying identity sharing mechanism between R77.30 and R80.10 isn't different.

This SK might be worth looking at, though: In a Cluster environment, Identity propagation does not occur between an Identity Server (PDP) and I... 

0 Kudos
PhoneBoy
Admin
Admin

I didn't realize this message was under one of the private user groups.

Mind if I move this to a more general area like General Product Topics‌ so others can comment?

0 Kudos
Gary_Partner
Participant

Not at all. I didn't realize it was set to private either. Rookie move on my part

0 Kudos
PhoneBoy
Admin
Admin

No worries, it's out in the public now.

0 Kudos
Mark_Mitchell
Advisor

Hi Gary,

Would I be correct in assuming that you may have resolved this now?

Cheers

Mark

0 Kudos
Gary_Partner
Participant

Hi Mark,

Until I hear otherwise from my users, I'm going with yes Smiley Happy  I did modify my R80 policies to allow identity sharing with the R77 gateways.  Also pushing to complete these upgrades sooner rather than later, and some of our domain controllers are moving which will require more changes to our configuration.  Never boring here.

Thanks, 

Gary

Mark_Mitchell
Advisor

Hi Gary, 

Good to hear. Smiley Happy Sounds like all fun there, it'll keep you busy. 

If you need any further assistance, just shout. 

Regards

Mark

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events