We have been using CIE for about half a year now for a spesific usecase where we use som groups that are maintained in Entra ID to control network access, monday we were made aware that that access did not update for new users.
CIE does have the correct group mapping, but the firewalls does not sync with CIE.
Debugging the issue we have found that the firewall does not manage to find the instance of CIE:
We checked with a second pair of firewalls we have on the same tennant and the same issure happens there.
In the logs we have found one supicious event about instance region 'kr' that started monday(have repeated multiple times), but dont find anything in the config that refers to that region:
looking at the log in the cli we found some more errors:
In the traffic log all traffic out from the management ip is allowed. The firewalls device certificate is valid.
We have repportet the problem to partner support, have not had the need to use them before so dont know what to expect, but they have broken the 4h responce time at least now 😞
So reaching out here to hear if someone got some suggestions of possible errors or have experienced something similar before?
Thank you for the reply, all 4 of our firewalls are listed under device association on common services.
output from those commands are:
