Identity Sharing is active on the PEP when not configured
Symptoms
  • Enforcement issues on specific networks / missing identities on enforcement points (PEP).
  • The PEP Security Gateway opens connections to other Security Gateways that are not configured to share identities with it.
    To verify this, run the following command on the PEP:
      # netstat -apn | grep 28581
    Example of output:
      tcp 0 0 <LOCAL_PEP_IP>:34634 <PDP IP>:28581 ESTABLISHED 6138/pepd
    Look for connections established by the local pepd on port 28581 to a remote Security Gateway (PDP) that is NOT sharing identities with this PEP Security Gateway.
  • The output of the following command, checked for the remote Security Gateway (PDP), shows that it is NOT sharing identities with this PEP Security Gateway:
      # pep show network pdp

    Output example:
      --------------------------------------------------------
      | Network | Mask | Related PDPs |
      --------------------------------------------------------
      | 10.10.10.0 | 255.255.255.0 | ; |
      --------------------------------------------------------
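
The netstat check above can be scripted. The following is an added example, not Check Point code: it reads `netstat -apn` output and prints each remote peer that the local pepd is connected to on port 28581 but that is not in an operator-supplied list of expected PDPs. The function names, the list argument and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example (not vendor code): flag pepd connections on port 28581 whose
# remote peer is not in the list of PDPs this PEP is expected to use.

# unexpected_pdp_peers "<space- or comma-separated expected PDP IPs>"
# Reads `netstat -apn` output on stdin, prints one unexpected remote IP per line.
unexpected_pdp_peers() {
    expected="$1"
    awk -v expected="$expected" '
        BEGIN {
            n = split(expected, list, /[ ,]+/)
            for (i = 1; i <= n; i++) if (list[i] != "") ok[list[i]] = 1
        }
        # Fields: proto recv-q send-q local remote state pid/program
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" && $7 ~ /\/pepd$/ {
            remote = $5
            port = remote; sub(/^.*:/, "", port)      # text after the last colon
            ip = remote;   sub(/:[0-9]+$/, "", ip)    # text before the port
            if (port == "28581" && !(ip in ok) && !(ip in seen)) {
                seen[ip] = 1                          # report each peer once
                print ip
            }
        }'
}

# Constructed sample input in the netstat format shown above (addresses are made up).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 192.0.2.10:34634        192.0.2.20:28581        ESTABLISHED 6138/pepd
tcp        0      0 192.0.2.10:34650        198.51.100.7:28581      ESTABLISHED 6138/pepd
tcp        0      0 192.0.2.10:34651        198.51.100.7:28581      TIME_WAIT   -
tcp        0      0 192.0.2.10:28581        203.0.113.5:40112       ESTABLISHED 7001/pdpd
tcp        0      0 192.0.2.10:443          203.0.113.9:28581       ESTABLISHED 812/httpd
EOF
}

# On a gateway (assumed invocation): netstat -apn | unexpected_pdp_peers "192.0.2.20"
if [ "${1:-}" = "--demo" ]; then
    sample_netstat | unexpected_pdp_peers "192.0.2.20"
fi
```

Empty output means every established pepd connection on port 28581 goes to an expected PDP; any printed address is a peer to compare against the Identity Sharing configuration.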
Cause

In some scenarios, the PEP Gateway connects to remote Gateway PDPs in a way that does not follow the Identity Sharing configuration. For example, a connection is made even though sharing is not enabled on the PEP, or even though the PEP is not configured to fetch from a specific PDP.

As a result, the PEP tries to fetch identities and perform network registrations, which could lead to enforcement issues on those networks.


Solution
Note: To view this solution you need to Sign In.