Installing Visual Policy Manager (VPM) policy takes a long time.
Because the policy engine typically must connect to the domain controller (DC) to perform group verification during policy installation, the presence of numerous groups in policy causes installation to take longer depending on network latency between the ProxySG appliance and the DC.
Enable group caching so that the appliance does not have to check with the DC each time you install policy.
Connect to the appliance via SSH or serial console and issue the CLI commands as follows:
>en #conf t #(config)security windows-domains #(config windows-domains)group-cache enable ok
group-cache command is disabled by default on versions prior to 184.108.40.206. Upgrading SGOS from a previous version to to 220.127.116.11 with an IWA-direct realm joined to a domain does NOT enable group-cache by default.
To disable group caching, enter the following commands:
>en #conf t #(config)security windows-domains #(config windows-domains)group-cache disable ok
Imported Document ID: 000030469
Subscribing will provide email updates when this Article is updated. Login is required.