url filtering with groups moved user

cancel
Showing results for 
Search instead for 
Did you mean: 

url filtering with groups moved user

L0 Member

I have 2 surfing policies one referencing group1 the other group2

if I move a user from group 1 to group 2 he is still restricted by the group 1 policies

how do I force the panagent to look again and get the list of group to user again

1 REPLY 1

L6 Presenter

I guess you have already seen following docs?

User Identification with PAN-OS 4.0
https://support.paloaltonetworks.com/index.php?option=com_pan&task=dl_tech_doc&filename=User-Identif...

User-ID Upgrade (4.1)
https://support.paloaltonetworks.com/index.php?option=com_pan&task=dl_tech_doc&filename=User-ID_Upgr...

According to the above docs there is an Update Interval for some settings which defaults to 3600 seconds (1 hour).

This setting can be manually altered for values between 60-86400 (1min - 1day).

So in your case (as a test) try to lower it to at least 300 (seconds).

The point here is that the agent will cache information and by that lower amount of traffic needed between the agent and the directory aswell as between the PAN and the agent.

But if you can have a close monitor on the PAN (and the server running the agent) you could of course try 60 seconds to see if traffic goes up (so you wont overload the mgmtplane or something).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!