Installing Visual Policy Manager (VPM) policy takes a long time from either ProxySG / Advanced Secure Gateway (ASG) or Symantec Management Center(SMC).

Because the policy engine typically must connect to the domain controller (DC) to perform group verification during policy installation, the presence of numerous groups in policy causes installation to take longer depending on network latency between the ProxySG/ASG appliance and the DC.

Workaround

Enable group caching so that the appliance does not have to check with the DC each time you install policy.

Connect to the appliance via SSH or serial console and issue the CLI commands as follows:

Note: The group-cache command is disabled by default on versions prior to 6.5.9.2. Upgrading SGOS from a previous version to to 6.5.9.2 with an IWA-direct realm joined to a domain does NOT enable group-cache by default.

To disable group caching, enter the following commands:

>en
#conf t
#(config)security windows-domains
#(config windows-domains)group-cache disable
  ok