Are you using User-ID agent as your main collection method and CP as backup?
you may need to increase the "user identification timeout" which is set to 45 minutes by default
if most of your users spend most of their day at the same computer, you could set this to about 8-9 hours (length of a kerberos ticket lifetime) so your users only need to log on in the morning to keep being identified throughout the day.
if your users are highly mobile, you could opt to enable probing so the firewall queries the unidentified host for it's 'credentials'
Issue started after Implementation of Radius accounting from Aruba Clearpass to Palo Alto Firewall.
We have created an auth profile referencing the radius and under Device > Management > authentication settings calling upon this profile for authentication. Below is our CP setup. Which timer we need to change here?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!