- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-10-2011 11:33 PM
Hello,
I have configured Age-out timeout to 720min and configured "<enable-full-expire>1</enable-full-expire>" on config.xml.
There is the way to check the timer for a particular users to check how last for expiration ?
If I restart the PAN-Agent services, does the timer for users will be set to 720min or they will continue as no restart was done ?
PAN Agnet Version 3.1.6.
04-14-2011 11:20 AM
show user ip-user-mapping
IP Ident. By User Idle Timeout (s) Max. Timeout (s)
--------------- --------- ------------------------- ---------------- ----------------
10.16.0.119 AD paloalto\sgostami 975 975
10.20.1.69 AD paloalto\sfayhardt 2833 2833
10.16.0.231 UNKNOWN unknown 120 420
10.20.1.72 AD paloalto\cdodge 975 975
When the PanAgent is restarted, the connection between the FW and the agent is broken. When this connection is re-established, the FW will flush its cache and download all groups and users. Then it will query the agent for user mapping when it sees traffic from an IP address.
Steve Krall
04-14-2011 11:20 AM
show user ip-user-mapping
IP Ident. By User Idle Timeout (s) Max. Timeout (s)
--------------- --------- ------------------------- ---------------- ----------------
10.16.0.119 AD paloalto\sgostami 975 975
10.20.1.69 AD paloalto\sfayhardt 2833 2833
10.16.0.231 UNKNOWN unknown 120 420
10.20.1.72 AD paloalto\cdodge 975 975
When the PanAgent is restarted, the connection between the FW and the agent is broken. When this connection is re-established, the FW will flush its cache and download all groups and users. Then it will query the agent for user mapping when it sees traffic from an IP address.
Steve Krall
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!