USer-ID cache timeout calculation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

USer-ID cache timeout calculation

L4 Transporter

I am losing user-ip-mapping occasionally. I believe this is because of incorrect timeouts.How to calculate the ideal user-id cache  timeout for 1200 users.? I am using windows based user-id agent.

5 REPLIES 5

L7 Applicator

it will depend on users domain activity.

if users only contact the domain once per day then you need to set to at least 8 hours.

 

if domain activity is busy, mail servers, users locking/logging off devices, shared drives etcc. then perhaps 4 hours will suffice.

 

I have mine to 24 hours, no problems whatsoever.

 

most on this site prefer 4 to 8 hours

 

our users have fixed VM's, they get sane address. if someone else gets the VM/address then the ip table is modified.

 

what is it currently set to?

I have dynamic users(logging in & out all day).

Current setup is for 2hrs.

ok 2 hours.

 

seems quite low, I cannot imagine users logging in and out or off every 2 hours.

 

there are other options of using mail activity but someone else will need to advise as never used this...

 

 

ramp it up to 4 or 6.

 

this would be on the assumption that your users at least take a lunch break each day...

if probing is an option (preferably most or all stations are logged into the domain for this to work optimally) you could increase the timeout to a 'work day' and then set up probing to ping users every 15 (as not to spam the network with probes) minutes. active users will remain logged on, inactive users (ones that have abandoned an IP or have logged out) will be cleared

 

you could also enable Captive portal (with NTLM for transparency + cookies for longevity) to serve as backup or to replace the probes

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

I just changed it for 6hrs. I will post the results. Thanks for the suggestion.

  • 2877 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!