Verifying Integration with an IC Series Unified Access Control Appliance
Purpose
The user role-based policy feature depends on integration with a compatible IC Series appliance. After you have configured the IC Series appliance to communicate with the IDP appliance, you can use the IDP command-line interface (CLI) to verify connectivity and verify receipt of the user session data used in user role-based policies.
If you encounter connectivity issues, you most likely need to troubleshoot from the IC Series side of the communication. From the IDP Series side, you need to ensure the IDP appliance can receive data from the IC Series appliance on port 7103 (that is, that your firewall does not block port 7103).
Action
To verify integration with an IC Series appliance:
- Log in to the CLI as admin and enter su - to switch to root.
- Enter the following command to verify connectivity:
    [root@defaulthost admin]# scio user status
    IDP-IC Connectivity is...........[Up]
    User Session Table Lookup........[Enabled]
- Enter the following command to display the user session table:
    [root@defaulthost admin]# scio user list
    1. IP[ 10.1.1.3] USER[test3] ROLES(1)[test-users3]
    2. IP[ 10.1.1.2] USER[test2] ROLES(1)[test-users2]
    3. IP[ 10.1.1.1] USER[test] ROLES(1)[test-users]
    =========================
    Total Matches Found (3)
    =========================
    [root@defaulthost ~]#
- Enter the following command to display a counter of changes made to the user session table:
    [root@defaulthost admin]# scio user counters list all
            +-----------+-----------+
            |  SUCCESS  |  FAILURE  |
            +-----------+-----------+
    Add     |     3     |     0     |
            +-----------+-----------+
    Delete  |     0     |     0     |
            +-----------+-----------+
    Lookup  |     0     |     0     |
            +-----------+-----------+
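The three checks above can be scripted for routine monitoring. The following is an added example, not Juniper code: the function names are hypothetical, and it assumes live output has the same layout as the samples shown on this page, with one role string inside the ROLES brackets.

```shell
#!/bin/sh
# Added example, not vendor code. Samples are copied from the output on this
# page (counter table borders omitted); live scio output replaces them if present.
STATUS='IDP-IC Connectivity is...........[Up]
User Session Table Lookup........[Enabled]'
LIST='1. IP[ 10.1.1.3] USER[test3] ROLES(1)[test-users3]
2. IP[ 10.1.1.2] USER[test2] ROLES(1)[test-users2]
3. IP[ 10.1.1.1] USER[test] ROLES(1)[test-users]
=========================
Total Matches Found (3)
========================='
COUNTERS='Add | 3 | 0 |
Delete | 0 | 0 |
Lookup | 0 | 0 |'
if command -v scio >/dev/null 2>&1; then
    STATUS=$(scio user status); LIST=$(scio user list)
    COUNTERS=$(scio user counters list all)
fi

# Succeeds only when the IC link is [Up] and session lookup is [Enabled].
check_status() {
    printf '%s\n' "$1" | awk '
        /IDP-IC Connectivity is/ && /\[Up\]/ { up = 1 }
        /User Session Table Lookup/ && /\[Enabled\]/ { en = 1 }
        END { exit !(up && en) }'
}
# Prints one "ip user role" line per session table entry.
session_rows() {
    printf '%s\n' "$1" | sed -n \
        's/^ *[0-9][0-9]*\. IP\[ *\([^]]*\)] USER\[\([^]]*\)] ROLES([0-9]*)\[\([^]]*\)].*/\1 \2 \3/p'
}
# Succeeds when the parsed row count equals "Total Matches Found (N)".
check_list() {
    rows=$(session_rows "$1" | wc -l | tr -d ' ')
    total=$(printf '%s\n' "$1" | sed -n 's/.*Total Matches Found (\([0-9]*\)).*/\1/p')
    [ -n "$total" ] && [ "$rows" -eq "$total" ]
}
# Prints the sum of the FAILURE column over the Add/Delete/Lookup rows.
counter_failures() {
    printf '%s\n' "$1" | awk -F'|' '/^ *(Add|Delete|Lookup)/ { f += $3 } END { print f + 0 }'
}
verify_integration() {
    rc=0
    check_status "$1" || { echo "FAIL: IC link not Up or lookup not Enabled"; rc=1; }
    check_list "$2" || { echo "FAIL: session rows do not match reported total"; rc=1; }
    [ "$(counter_failures "$3")" -eq 0 ] || { echo "WARN: session table failures"; rc=1; }
    return $rc
}
verify_integration "$STATUS" "$LIST" "$COUNTERS"
```

A nonzero exit status means at least one check failed; a failed status check points back to the port 7103 path between the two appliances.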

