Solved: Policy Set function on authentication and authorization.

Leftz · ‎09-13-2021

Hi

We know Policy set is a container containing authentication and authorization rules etc. each authentication and authorization policy also has Conditions option for us to fill out, but Policy Set also has Condition option that we use to define. How does this Policy set Condition work? Do you think Policy set condition is necessary?

Rob Ingram · ‎09-14-2021

@Leftz you don't need a condition on the default policy set. If you have more than one policy set you will need a unique condition to differentiate between the 2 policy sets.

View solution in original post

Rob Ingram · ‎09-13-2021

@Leftz I generally use policy set conditions to distinguish between different connection scenarios, such as 802.1x Open Mode or 802.1x Closed More or Remote Access VPN etc. In a large complex environment, without having multiple Policy Sets you could have a overly complex Policy Set. By using multiple Policy Sets if the connection does not match the condition configured under the Policy Set, it will completely skip that Policy Set until it matches another, at which point it will process the associated authentication and authorisation rules. Depending on the size of your environment, using multiple Policy Sets will speed up the authentication/authorisation process.

Leftz · ‎09-14-2021

Thank you Rob! Can I say in some situation, the condition in Policy set is not required?

Rob Ingram · ‎09-14-2021

@Leftz you don't need a condition on the default policy set. If you have more than one policy set you will need a unique condition to differentiate between the 2 policy sets.

Leftz · ‎09-15-2021

Understood. Thank you Rob!