03-31-2017 10:28 AM
Hi experts,
after editing ise authorization policy (i.e. adding some conditions and then saving), does it requires a reboot to take effect?
i couldnt find any document mentioning about this. apparently i have an ise deployment and after editing the authorization policy by only saving, somthing weird is happening like, all the users are being redirected to the last rule which is deny access. which is suppose to match the first rule on top of it. but when the ise is rebooted evrything seems going back to normal.
thanks
chris
Solved! Go to Solution.
04-01-2017 10:38 AM
Nope, the authorization policy updates should not need a reboot. If multi-node deployments, then there might be some replication delays. If it fairly reproducible, please open a TAC case if not already done.
03-31-2017 12:33 PM
I have run into similar items where ISE seems to remember what the user was last using and seems to fail if that rule is missing etc.
I ran into this when I added a new MDM server, and changed the existing rule to point to the new server. ISE seemed to remember they were using the old server and just denied everyone. I had to purge their endpoints to get it to check the new server.
I guess all I can say is certain changes it does not like. Not sure if it's a time thing, but I find just making a new rule instead of changing and placing above the one to replace will eventually take over and you can remove the old rule.
04-03-2017 12:34 AM
thanks for the reply. I tried adding a new rule on top of the existing but resulted to the same issue
04-01-2017 10:38 AM
Nope, the authorization policy updates should not need a reboot. If multi-node deployments, then there might be some replication delays. If it fairly reproducible, please open a TAC case if not already done.
04-03-2017 12:35 AM
yes. I will probably do this . thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide