01-30-2012 11:08 AM
I have 2 surfing policies one referencing group1 the other group2
if I move a user from group 1 to group 2 he is still restricted by the group 1 policies
how do I force the panagent to look again and get the list of group to user again
01-30-2012 02:32 PM
I guess you have already seen following docs?
User Identification with PAN-OS 4.0
https://support.paloaltonetworks.com/index.php?option=com_pan&task=dl_tech_doc&filename=User-Identif...
User-ID Upgrade (4.1)
https://support.paloaltonetworks.com/index.php?option=com_pan&task=dl_tech_doc&filename=User-ID_Upgr...
According to the above docs there is an Update Interval for some settings which defaults to 3600 seconds (1 hour).
This setting can be manually altered for values between 60-86400 (1min - 1day).
So in your case (as a test) try to lower it to at least 300 (seconds).
The point here is that the agent will cache information and by that lower amount of traffic needed between the agent and the directory aswell as between the PAN and the agent.
But if you can have a close monitor on the PAN (and the server running the agent) you could of course try 60 seconds to see if traffic goes up (so you wont overload the mgmtplane or something).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
