WSA User moving from one policy to another

Unanswered Question
Aug 24th, 2013
User Badges:

Hai ,

Can anybody faced this issue before??

We have 2 WSA s670 running in explicit model using Load Balancer.

We created access policies for different categories & integrated with AD groups also. Now, if i need to move a user from one group  in AD to another, it is not reflecting very soon and taking almost 6-7 hours. the surrogation timeout is set to default value as well.

Also, If we use Cisco CDA is there any way to fix this issue?? In document it seems CDA is used only for user to IP mapping only!!! Please suggest.


Mohamed fayz

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Vance Kwan Tue, 08/27/2013 - 23:58
User Badges:
  • Cisco Employee,

Hi Mohamed,

CDA will not resolve the issue.  I haven't tested this myself, but I have heard that if you make a change in the authentication realm, and submit/commit the changes, it will restart the authentication service, which will trigger the refresh of AD user groups.



This Discussion