I was taking another look at our User-ID mappings with our server team today, and we've landed on trying 90 minutes for AD. We set this on the agents installed on two of our AD servers, and the firewall is showing the new logs coming in as having the correct timeout.
Next, I'm trying to figure out how to do this with our wireless. With Cisco ISE, I'm collecting the mappings via syslog profiles on the firewall, but I don't see a way to limit the timeout there. The wireless controller has a max session timeout at around 240 minutes, and I figured you'd probably want to set the corresponding User-ID mapping timeouts to just over that.
The User-ID Agent Config box has a timeout value that can be enabled and set, but I wasn't sure if this would affect the syslog profiles and whether this would override the timeouts the AD agents are sending.