Справочник Пользователя для SonicWALL 5.8.1
User Management
1104
SonicOS 5.8.1 Administrator Guide
6.
If using multiple agents, then also under SSO agent statistics look at the error and timeout
rates reported for the different agents, and also their response times. Significant differences
between agents could indicate a problem specific to one agent that could be addressed by
upgrading or changing settings for that agent in particular.
rates reported for the different agents, and also their response times. Significant differences
between agents could indicate a problem specific to one agent that could be addressed by
upgrading or changing settings for that agent in particular.
7.
Traffic from devices other than PCs can trigger SSO identification attempts and that can
cause errors and/or timeouts to get reported in these statistics. This can be avoided by
configuring an address object group with the IP addresses of such devices, and doing one
or both of the following:
cause errors and/or timeouts to get reported in these statistics. This can be avoided by
configuring an address object group with the IP addresses of such devices, and doing one
or both of the following:
–
If using Content Filtering, select that address object with the Bypass the Single Sign
On process for traffic from setting on the Enforcement tab of the SSO configuration.
On process for traffic from setting on the Enforcement tab of the SSO configuration.
–
If access rules are set to allow only authenticated users, set separate rules for that
address object with Users Allowed set to All.
address object with Users Allowed set to All.
For related information, see the
.
To identify the IP addresses concerned, look in the TSR and search for “IP addresses held
from SSO attempts”. This lists SSO failures in the preceding period set by the Hold time
after failure setting.
from SSO attempts”. This lists SSO failures in the preceding period set by the Hold time
after failure setting.
Note
If any of the listed IP addresses are for are Mac/Linux PCs, see the
To limit the rate of errors due to this you can also extend the Hold time after failure setting
on the Users tab.
on the Users tab.
For information about viewing SSO statistics on the SSO configuration page, see
.
Examining the Agent
If the above statistics indicate a possible problem with the agent, a good next step would be to
run Windows Task Manager on the PC on which the agent is running and look at the CPU usage
on the Performance tab, plus the CPU usage by the “CIAService.exe” process on the
Processes tab. If the latter is using a large percentage of the CPU time and the CPU usage is
spiking close to 100%, this is an indication that the agent is getting overloaded. To try to reduce
the loading you can decrease the Maximum requests to send at a time setting; see
run Windows Task Manager on the PC on which the agent is running and look at the CPU usage
on the Performance tab, plus the CPU usage by the “CIAService.exe” process on the
Processes tab. If the latter is using a large percentage of the CPU time and the CPU usage is
spiking close to 100%, this is an indication that the agent is getting overloaded. To try to reduce
the loading you can decrease the Maximum requests to send at a time setting; see
above, #
Remedies
If the settings cannot be balanced to avoid overloading the agent’s PC while still being able to
send requests to the agent fast enough, then one of the following actions should be taken:
send requests to the agent fast enough, then one of the following actions should be taken:
•
Consider reducing the polling rate configured on the Users tab by increasing the poll time.
This will reduce the load on the agent, at the cost of detecting logouts less quickly. Note
that in an environment with shared PCs, it is probably best to keep the poll interval as short
as possible to avoid problems that could result from not detecting logouts when different
users use the same PC, such as the initial traffic from the second user of a PC possibly
being logged as sent by the previous user.
This will reduce the load on the agent, at the cost of detecting logouts less quickly. Note
that in an environment with shared PCs, it is probably best to keep the poll interval as short
as possible to avoid problems that could result from not detecting logouts when different
users use the same PC, such as the initial traffic from the second user of a PC possibly
being logged as sent by the previous user.
•
Move the agent to a higher-performance, dedicated PC.
•
Configure an additional agent or agents.