https://community.cisco.com/t5/web-security/centralized-configuration-for-wsa-with-authentication-realm/m-p/3821416#M8367 <P>Hi I cannot find clarification with regard to the above topic.</P> <P>We have 8 WSA in various cities across the country. Each have a realm configured with the same name. All are using the same configuration otherwise. Each locations Realm is slightly different in terms of the AD server they are configured with. Each has 3 targets the first of which is the local Domain Controller, then one in another city and finally the one in the data center.</P> <P>&nbsp;</P> <P>What I don't understand is the comments in the user guide about using different authentication realms. Since the realm itself is local to the WSA and can't be configured on the SMA it is my expectation that the Realm itself is not centrally managed and not pushed to the individual WSA's. The only thing that would be an issue if different Realm names were in use the the policies configured. Is this a correct statement?</P> <P>&nbsp;</P> <P>We are getting ready to do centralized config and would like to know other's experiences in this regard.</P> <P>&nbsp;</P> <P>Thanks in advance.</P> Mon, 18 Mar 2019 17:00:45 GMT Garry Cross 2019-03-18T17:00:45Z https://community.cisco.com/t5/web-security/centralized-configuration-for-wsa-with-authentication-realm/m-p/3821416#M8367 <P>Hi I cannot find clarification with regard to the above topic.</P> <P>We have 8 WSA in various cities across the country. Each have a realm configured with the same name. All are using the same configuration otherwise. Each locations Realm is slightly different in terms of the AD server they are configured with. Each has 3 targets the first of which is the local Domain Controller, then one in another city and finally the one in the data center.</P> <P>&nbsp;</P> <P>What I don't understand is the comments in the user guide about using different authentication realms. Since the realm itself is local to the WSA and can't be configured on the SMA it is my expectation that the Realm itself is not centrally managed and not pushed to the individual WSA's. The only thing that would be an issue if different Realm names were in use the the policies configured. Is this a correct statement?</P> <P>&nbsp;</P> <P>We are getting ready to do centralized config and would like to know other's experiences in this regard.</P> <P>&nbsp;</P> <P>Thanks in advance.</P> Mon, 18 Mar 2019 17:00:45 GMT https://community.cisco.com/t5/web-security/centralized-configuration-for-wsa-with-authentication-realm/m-p/3821416#M8367 Garry Cross 2019-03-18T17:00:45Z https://community.cisco.com/t5/web-security/centralized-configuration-for-wsa-with-authentication-realm/m-p/3824205#M8386 <P>i have this problems too. can you help me?</P> Fri, 22 Mar 2019 07:50:14 GMT https://community.cisco.com/t5/web-security/centralized-configuration-for-wsa-with-authentication-realm/m-p/3824205#M8386 Johnatan Dire 2019-03-22T07:50:14Z https://community.cisco.com/t5/web-security/centralized-configuration-for-wsa-with-authentication-realm/m-p/3828831#M8397 <P>Hi,</P><P>If you are using the same realm name it should not prevent you from using SMA.</P><P>&nbsp;</P><P>Sma is using the configurations under the Web Security menu.&nbsp;&nbsp;</P><P>&nbsp;</P><P>There, you have your identification profile. Your identification profile knows which realm it will consume to get identity information.</P><P>&nbsp;</P><P>As long as the realm name matches, it will not consider which servers does that realm connect. (To get user ip mappings.)</P><P>SMA should not change the configurations of Realm even if you want it to do.</P><P>&nbsp;</P><P>Sadik</P> Fri, 29 Mar 2019 12:09:57 GMT https://community.cisco.com/t5/web-security/centralized-configuration-for-wsa-with-authentication-realm/m-p/3828831#M8397 sadik.sener1 2019-03-29T12:09:57Z