I was on the fence if this should go in to the ISE category or WSA, but because it's platform specific to the WSA I settled on here.
I wondering what is the maximum number of IP-SGT bindings the WSA platforms can support. I have a customer that has an existing ISE/PXGrid WSA integration leveraging TrustSec IP-SGT bindings for internet access. They are relying on this integration quite heavily across their WSA's and we are looking at scaling the ISE environment. This expansion means a lot more than the existing 50k IP-SGT bindings.
It's not listed in the TrustSec system bulletin so I wonder what's been tested. I'm worried we are going to hit a show stopping limit as the roll out continues and I would like to get in front of it.
The ask is specifically what the max ip-sgt bindings we can learn via pxgrid on s670/680/690 hardware before we pass any limits.
you shouldn't face nay issues with S670/S680 /S690 with 50K users. The in house testing has done with more than 150K users and enough memory was allocated so that it doesn't create any issues. Let us know if in case you face any issues or you have specific deployment related questions.
So 150k would be the upper tested limit then? It's currently 50k, but that will easily be 600k+ next year if Kerberos doesn't pan out.
I got some more insight into it. We have fixed memory allocated for users & associated information and not the nos. of Mappings/users. Number of users are depending upon size of each record. If a user belongs to several groups, then a smaller number of users could fit in.