Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Policy Trace not returning any policy matches

Hi Guys,

Our issue here is that when we run a policy trace on any of our AD users - it doesnt seem to pull any group information and does not match any policies either.

However if i try access an URL like www.google.ie and monitor the activity from the cli - i cann see that the user has in fact had certain policies applied to it.

Does anyone have any suggestions as to how resolve this.

Running the command testauthconfig - completes successfully.

Cheers

Everyone's tags (4)
3 REPLIES
New Member

Policy Trace not returning any policy matches

What version of wsa are you running?

Also when typing in the username for the Policy trace include the domain name in all caps.  For example. CISCO\test

The domain name needs to be all caps in order to match correctly. If that still does not work, let me know.

Christian Rahl

Customer Support Engineer                      

Cisco IronPort - Web Security Appliances

Cisco Technical Assistance Center RTP

United States Ironport: 1-877-641-IRON (4766)

New Member

Policy Trace not returning any policy matches

Hi Christian,

I tried what you requested, but still no luck.

I can search for a user in the root domain and it will display policy information for that user. However if i specify a user in a subdomain i get nothing back.

Cisco support seem to be suggesting that the Policy trace utilty is useless and that i should use the cli for any tracing - which is what i have been doing.

The policy trace utilty would be handy though as its easier than deciphering the squid type logs.

Regards

New Member

Re: Policy Trace not returning any policy matches

Policy trace is not useless. However it is just another test. I would recommend using it as a confirmation of what you expected to happen. The real explanation of what will happen inside your box is the access-logs.

Can you take a screenshot of your test for me? Also when you say subdomains, what do you mean? Other domain names?

Christian Rahl

980
Views
0
Helpful
3
Replies