The enable command enables online user synchronization from an Agile Controller server.
The disable command disables online user synchronization from an Agile Controller server.
By default, online user synchronization from an Agile Controller server is disabled.
In the Agile Controller SSO scenario, the online user information on the FW and the Agile Controller server is not synchronized when user login messages sent by the Agile Controller server to the FW are lost, or when users age out on the FW but do not log out from the Agile Controller server. After online user synchronization from an Agile Controller server is enabled, when traffic that has no matching online user entry passes through the FW or a user ages out, the FW checks with the Agile Controller server, based on the source IP address, whether the corresponding online user exists. If the user is online on the Agile Controller server, the Agile Controller server sends a user login message to the FW so that the user goes online on the FW.
Before enabling online user synchronization from an Agile Controller server, enable Agile Controller SSO.
You can run the enable command only after running the sync-address command to specify a source IP address range.
The FW sends a query message to all Agile Controller servers configured on the FW and uses the key configured during the Agile Controller server configuration to encrypt query packets. A user goes online on the FW as long as the user goes online on one Agile Controller server.