Installing Visual Policy Manager (VPM) policy takes a long time from either ProxySG / Advanced Secure Gateway (ASG) or Symantec Management Center(SMC).
Because the policy engine typically must connect to the domain controller (DC) to perform group verification during policy installation, the presence of numerous groups in policy causes installation to take longer depending on network latency between the ProxySG/ASG appliance and the DC.
Enable group caching so that the appliance does not have to check with the DC each time you install policy.
Connect to the appliance via SSH or serial console and issue the CLI commands as follows:
>en #conf t #(config)security windows-domains #(config windows-domains)group-cache enable ok
Note: The group-cache command is disabled by default on versions prior to 220.127.116.11. Upgrading SGOS from a previous version to to 18.104.22.168 with an IWA-direct realm joined to a domain does NOT enable group-cache by default.
To disable group caching, enter the following commands:
>en #conf t #(config)security windows-domains #(config windows-domains)group-cache disable ok
Imported Document ID: 000030469
Subscribing will provide email updates when this Article is updated. Login is required.