06-25-2019 11:58 AM - edited 06-25-2019 02:01 PM
I was on the fence if this should go in to the ISE category or WSA, but because it's platform specific to the WSA I settled on here.
I wondering what is the maximum number of IP-SGT bindings the WSA platforms can support. I have a customer that has an existing ISE/PXGrid WSA integration leveraging TrustSec IP-SGT bindings for internet access. They are relying on this integration quite heavily across their WSA's and we are looking at scaling the ISE environment. This expansion means a lot more than the existing 50k IP-SGT bindings.
It's not listed in the TrustSec system bulletin so I wonder what's been tested. I'm worried we are going to hit a show stopping limit as the roll out continues and I would like to get in front of it.
The ask is specifically what the max ip-sgt bindings we can learn via pxgrid on s670/680/690 hardware before we pass any limits.
06-30-2019 11:01 PM
Hello Damien,
you shouldn't face nay issues with S670/S680 /S690 with 50K users. The in house testing has done with more than 150K users and enough memory was allocated so that it doesn't create any issues. Let us know if in case you face any issues or you have specific deployment related questions.
07-01-2019 06:44 AM
So 150k would be the upper tested limit then? It's currently 50k, but that will easily be 600k+ next year if Kerberos doesn't pan out.
07-03-2019 09:58 AM
07-03-2019 08:50 PM
Hello Damien,
I got some more insight into it. We have fixed memory allocated for users & associated information and not the nos. of Mappings/users. Number of users are depending upon size of each record. If a user belongs to several groups, then a smaller number of users could fit in.
Regards
Shikha Grover
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide