Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
KostasGR
Advisor

Another way to filter out a network from pdp instead of idc configuration?

Hello Community

Is any other way to filter out a network from pdp instead of idc configuration?

BR,

Kostas

7 Replies
PhoneBoy
Admin
Admin

You mean on the gateways themselves?
I don't believe so.
Can you explain why this is relevant in your situation?

KostasGR
Advisor

Hello PhoneBoy

I mean the Identity awareness gateways themselves.

After updating the IDCs to latest version it seems that filter out doesn't work as expected.

Is it a known issue?

BR,

Kostas

PhoneBoy
Admin
Admin

@Royi_Priov what say you?

0 Kudos
Royi_Priov
Employee
Employee

Hi @KostasGR,

To answer your initial question:

In Identity Broker, there is a way to filter by network.

However, I'm more concerned about your statement "After updating the IDCs to latest version it seems that filter out doesn't work as expected."

I'm not aware of such issue - can you open ticket with TAC and share IDC service debugs (sk122686)?

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
0 Kudos
KostasGR
Advisor

Hello @Royi_Priov 

We are not using identity broker. We solved our issue by importing again the exclusions on IDC.

The upgrade procedure we followed is the below. You can replicate easily on your lab.

1)Export configuration of IDC

2)Uninstall old version of IDC

3)Reboot the windows server

4)Install the latest version of IDC

5)Import config of IDC

6)Establish connectivity with PDP

7)Check IDC status/logs/filters

8)Check PDP status

9)Check the registry value for monitor functionality that is present

10)import again the user exception filter

 

It seems that step 10 is also needed for exception filters to work as expected. Even though we could see them on IDC  configuration the exclusions for service accounts weren't working..

 

BR,

Kostas

0 Kudos
Royi_Priov
Employee
Employee

Thanks for the fast reply. I will certainly test it.

A question - in step 7, have you noticed if the relevant filters were exist on the IDC configuration? 

By the way, there is an easier way to update IDC in my opinion:

  1. Export configuration of IDC - same

  2. Install the latest version of IDC on top of the old one - same as step 4 on your procedure

after that, no other steps are needed (no need to import the config / re-establish PDP communication).

Thanks,
Royi Priov
Group manager, Identity Awareness R&D
KostasGR
Advisor

Hello @Royi_Priov 

In step 7 the filters were present.

In the next IDC upgrade i will follow your procedure 🙂

Thank you

Kostas

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events