Disabling peer-to-peer and global antipassback for Access Manager roles (Basic) - If global antipassback and I/O zones are not used, peer-to-peer should not be enabled. If peer-to-peer must be enabled, ensure that units that do not need to be connected to their peers are not part of any peer-to-peer groups.

Disabling peer-to-peer and global antipassback for Access Manager roles (Basic) - If global antipassback and I/O zones are not used, peer-to-peer should not be enabled. If peer-to-peer must be enabled, ensure that units that do not need to be connected to their peers are not part of any peer-to-peer groups. - Security Center 5.12

Security Center Hardening Guide 5.12

Product

Security Center

Content type

Guides > Administrator guides

Version

5.12

ft:locale

en-US

Last updated

2024-12-17

If global antipassback and I/O zones are not used, peer-to-peer should not be enabled. If peer-to-peer must be enabled, ensure that units that do not need to be connected to their peers are not part of any peer-to-peer groups.

What you should know

Peer-to-peer and global antipassback are deactivated by default.
After upgrading from a 5.12.1.0 or earlier system where peer-to-peer was enabled, all Synergis™ units under the same Access Manager role are placed in a default peer-to-peer group. If certain units do not need to be connected as peers, remove them from the group.

Procedure

To deactivate peer-to-peer:

From the Config Tool homepage, open the Access Control task and click the Roles and units view.
Select the Access Manager role, and then click the Properties tab.
In the Synergis™ units under this Access Manager role section, turn off the Activate peer-to-peer option.
Click Apply.

To remove a unit from a peer-to-peer group:

In the Peer-to-peer groups list, select a group and click Edit the item ().
In the dialog box that opens, clear the units that are not to be connected as peers.

You need to leave at least two units for the group to be valid.
Click Done > Apply.