Timeout on syslog sourced User-ID mappings?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Timeout on syslog sourced User-ID mappings?

L4 Transporter

Greetings all,

 

Taking another look at our user-id mappings with our server team today and we've landed on trying 90 minutes for AD.  We set this on the agents installed on two of our AD servers and the firewall is showing the new logs coming in as having the correct timeout.

 

Next, I'm trying to figure out how to do this with our wireless.  With Cisco ISE, I'm collecting the mappings via syslog profiles on the firewall but I don't see a way to limit the timeout there.  The wireless controller has a max session timeout at around 240 minutes and I figured you'd probably want to set the corresponding user-ID mapping timeouts to just over that.

 

The User-ID Agent Config box has a timeout value that can be enabled and set but I wasn't sure if this would affect the syslog profiles and whether this would override the timeouts the AD agents are sending?

 

Thanks!

2 REPLIES 2

Cyber Elite
Cyber Elite

@jsalmans,

The timeout configured on the firewall itself applies to all methods except for captive portal as far as I'm aware. I don't think there's any special consideration in regards to using the Windows user-ID agent as a source. 

@BPry 

If that timeout is configured on the firewall, but also configured as a separate value on the Windows user-ID agent itself, which takes precedence?

  • 2086 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!