【NGAF】Policy based on User/Group not working
Issue Description
User configured SSO authentication, users are authenticated as SSO users but the application control based on the User/Group not working.
Error/Warning Information
Handling Process
-
Check on Authentication Status, there is a user authenticated on the corresponding group.
-
Try to change the network object to IP group, found that the policy got hit count.
-
Change back the Src Address to User/Group, the policy doesn’t have a hit count.
-
Check the online user appear in the Local Users under the corresponding group.
-
Check the authentication Zone, found that the zone is None
-
Change the Zone to LAN zone, after that the policy start to have hit count.
Root Cause
The Authentication Zone is not selected.
Solution
On Authentication Zone, select the LAN user zone on