Forum Discussion

Effrum's avatar
Effrum
Icon for Nimbostratus rankNimbostratus
Mar 29, 2016

APM Apply Access Policy - affect existing sessions vs new sessions

This might be a silly question, but I'm having trouble finding a definite answer. When does applying changes to an access policy invalidate currently connected sessions vs only taking affect for new sessions? I feel like the vast majority or changes would only apply to new sessions, since an existing session will persist on the agreed upon rules/settings at the time it was negotiated. But what about something like adding a new domain to an existing multi-domain policy? Or adding a new branch to an existing policy to accommodate a new user group/application? What kinds of scenarios cause an APM session to become invalidated after a change?

 

Thanks for any input or clarification.

 

1 Reply

  • Hi,

     

    When you connect to APM you get a session and then the apd process will evaluate the access policy until allow or deny. At this point apd hands off the session to tmm. Any changes to the VPE will not affect these already established sessions. When you "Apply" the access policy it is forcing the new changes into apd so that the next time a access policy evaluation starts the new settings take affect.

     

    -Seth