Misconfiguration of the environment: the Management object (used for rule compilation) is not fully aware of the Identity Awareness interaction with AD.
Identity Awareness requires configuration on both the Management Server object and the Log Server object:
Note: Refer to Identity Awareness Administration Guide (R75, R75.20, R75.40, R75.40VS, R76, R77) - Chapter 2 'Configuring Identity Awareness' - Enabling Identity Awareness on the Log Server for Identity Logging.
- Edit the Management Server object and Log Server object.
- Go to 'General Properties' pane - on the 'Management' tab - under the 'Logging & Status', check the box '
Identity Awareness Wizard' opens.
- Configure the connectivity with Active Directory (AD logs populating the cache on the Security Gateway).
Note: You may need to delete and recreate the relevant security rules.
- Save the changes: go to 'File' menu - click on '
- Go to 'Policy' menu - click on 'Install Database...' - select all Management Server objects and Log Server objects.
- Install security policy on all managed Security Gateways.