Vincent_Bacher
MVP Silver

Actually, it looks like there’s some confusion here. Let me clarify:

 

  • PEP (Policy Enforcement Point) = the gateways/firewalls that enforce policies. These are what pdp connections pep shows.
  • PDP (Policy Decision Point) = the component that decides policies, usually running on Identity Awareness gateways.
  • Identity Broker Cluster = just handles identity distribution between PDPs; it is not enforcing anything.

 

 

So in your scenario:

 

  • Gateway A is a PEP → appears in pdp connections pep.
  • Cluster B is an Identity Broker → does not appear in pdp connections pep.
  • To see connections between PDPs/Brokers, you would run pdp connections b s.

 

 

Think of it as: PEPs enforce, Brokers distribute, and pdp connections pep only lists the enforcers.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite