12-06-2021 10:19 AM
Greetings all,
Taking another look at our user-id mappings with our server team today and we've landed on trying 90 minutes for AD. We set this on the agents installed on two of our AD servers and the firewall is showing the new logs coming in as having the correct timeout.
Next, I'm trying to figure out how to do this with our wireless. With Cisco ISE, I'm collecting the mappings via syslog profiles on the firewall but I don't see a way to limit the timeout there. The wireless controller has a max session timeout at around 240 minutes and I figured you'd probably want to set the corresponding user-ID mapping timeouts to just over that.
The User-ID Agent Config box has a timeout value that can be enabled and set but I wasn't sure if this would affect the syslog profiles and whether this would override the timeouts the AD agents are sending?
Thanks!
12-07-2021 05:34 PM
The timeout configured on the firewall itself applies to all methods except for captive portal as far as I'm aware. I don't think there's any special consideration in regards to using the Windows user-ID agent as a source.
12-08-2021 01:31 PM
If that timeout is configured on the firewall, but also configured as a separate value on the Windows user-ID agent itself, which takes precedence?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
