06-26-2019 12:43 PM
According to this discussion, "If connection between PAN & PSN breaks, PSN will be having all the old configuration, it won't affect authentication/posturing, Only the new changes in PAN will not get replicated on the PSN." According to BRKSEC-3432, PSN queries AD directly. In case we have a hybrid/medium or a large distributed deployment and we have a PSN in a branch office (PAN/MnT are in the main HQ), what will happen if:
1. There is no AD in this branch office and the connection with PAN/MnT is lost? Since we lose the connection to the AD, I don't think that PSN will be able to authenticate the new connections. PSN will just keep the current connections, won't it?
2. There is AD in the branch office and the connection with PAN/MnT is lost? Since we have a connection with AD, it should keep working and it won't affect authentication/posturing and any other services, correct?
06-26-2019 05:45 PM
That is correct, PSN authenticates users directly via AD.
1. If connection between PSN and AD is affected, then new users will not be able to authenticate.
2. If AD is local to PSN, then authentication still works; however, if PAN is not reachable, some flows will not work. Please refer to the table in this link below:
06-26-2019 11:15 PM