We have 2 WSA S670 running in explicit mode using a load balancer.
We created access policies for different categories and integrated them with AD groups as well. Now, if I need to move a user from one group in AD to another, the change is not reflected quickly and takes almost 6-7 hours. The surrogation timeout is set to the default value as well.
Also, if we use Cisco CDA, is there any way to fix this issue? In the document it seems CDA is used only for user-to-IP mapping. Please suggest.
CDA will not resolve the issue. I haven't tested this myself, but I have heard that if you make a change in the authentication realm, and submit/commit the changes, it will restart the authentication service, which will trigger the refresh of AD user groups.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...