It feels like connections between Policy Manager and my Gateways are breaking more frequently. Has anyone else experienced this? It is a little frustrating when this happens unexpectedly. Any hints?
Would you be able to check the ssm log for errors? You should be able to find it here
Thanks. Nothing particularly earth shattering:
Oct 03, 2017 12:12:57 PM com.l7tech.console.logging.RmiErrorHandler handle
WARNING: Disconnected from gateway, notifying workspace.
Oct 03, 2017 12:12:57 PM com.l7tech.console.logging.RmiErrorHandler handle
SEVERE: A Gateway error or a communication error occurred.
Is there a way to bump up the log level for more detail?
Hello Alejandro,
First, ensure the network is good and low latency. If using an LDAP provider, ensure the LDAP server is good, and the network between LDAP and the gateway is good.
2nd, check the roles of the current user: Internal Identity Provider -> search for the user, open properties -> Roles tab
If you can see a large number of roles for this user, it may be the reason for the broken connection between the Policy Manager and the gateway.
A quick workaround is to set only one role for this user (administrator), and configure the cluster-wide properties to disable auto role assignment:
rbac.autoRole.managePolicy.autoAssign=false
rbac.autoRole.manageProvider.autoAssign=false
rbac.autoRole.manageService.autoAssign=false
If you still want the permission control, you may need to use a security zone, assign permissions for entities to the zone, and add only 2 roles to the user or group:
View X Zone
Manage X Zone
Hope this can help.
Thanks for the info. I'm thinking that the issue has to do with latency since none of the other conditions apply to my setup.
So, what qualifies as "low" latency?
It depends, I believe <10ms should be good for most occasions.
I usually run the Policy Manager on a machine on the same LAN as the gateway server, and then use remote desktop to control the Policy Manager machine.
Hmm... If that's the case then I'll hit some problems. I'm getting ping replies in the 18-20ms range.
Several of the biggest reasons that connections are broken are VPNs not maintaining connections properly and connections going through load balancers where the port is not set for sticky sessions.
Director, CA Support