cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

R80 Identity awareness Client side logic/server side logic

Hello,

 

Is there a knowledge base on how Identity Awareness actually works. The real question is - are there any conditions that would make Installing the policy on the Identity Awareness master firewall mandatory to have any new or updated user identity rules working?

0 Kudos
1 Reply

Re: R80 Identity awareness Client side logic/server side logic

By Identity Awareness Master, do you mean the Gateway performing the PDP role and sharing identities out to all your other Gateways?

If so, I always worked with the understanding that policy needed to be pushed any time you add a new Access Role (or modify an existing one) to all the Gateways using those roles. 

An exception to that could be if you are linking your IA Roles to Active Directory groups. If you do this, membership of the AD group could be changed in Active Directory and IA should recalculate the AD Group Membership without a Policy Install. This type of design may be something to keep in mind if the goal is to avoid installing policy as much as possible.

 

 

0 Kudos