04-11-2022 11:29 AM
I'm trying to understand the behavior of the global protect client as it pertains to session expirations. I'm getting a message "remove previous user" message. I'm trying to determine what that means as I'm used to seeing the "user session expired" message in the logs.
What triggers the "remove previous user" flag? Is this user manually logging off? I don't believe so as my testing shows the message for a user log off is "client logout".
This stems from a customer claiming they are getting forced to login multiple times a day, I dont belive them as the logs indicated otherwise but I want to be sure what this message means.
04-11-2022 02:25 PM
If a user is claiming that they are having to authenticate multiple times throughout the day, I would personally be looking at the endpoint PanGPS.log file for validation and not specifically the firewall logs. You'll see things on the agent side of things that aren't directly logged on the firewall.
As to your question, this actually has to do with User-ID mappings.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!