This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

User Information in Firewall Database Cache

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

User Information in Firewall Database Cache

paramount
L0 Member

‎04-24-2010 12:23 PM

1: Captive Portal is set for entire network ( 192.168.1.0) and in Active Directory the group ( IT) is choosen which will be filtered or monitored. There are

two users ( user1/user2) who are member of this group.

Firewall Rule :
==============

1:  Trust to Untrust


     Source                             Action 

1: ( Any known user)              Allow
2: ( Any Unknown user)          Block



Issue:
=====

When user 1 & user 2 login to shared workstation ( WS1) ( One after other)They both are able to browse internet and no issues. However after sometime the local administrator on that pc( WS1) is logged in, Locally on that machine to work and he is trying to browse internet( Ideally that user is unknown he should be prompted for authentication and he can use any guest based user account from AD ( guest 1) to access internet with limited accessibity of sites.This is not happening, the moment the local adminstration is login into that machine ( WS1) and trying to browse internet, that user is getting internet access.Seems like there is some sort of Cached information which shows that ( WS1) is still being used by known users and its not able to refresh it.

I tried to reset the user captive portal session using this command:-

# debug device-server reset captive-portal ip-address 192.168.1.104

It was of no help,

Resolution:
=============

When i restarted the PAN agent, it started to work and that agent was showing 192.168.1.104 Ip as unknown and when tried to open the IE and browse on that

pc. it showed the authentication .

This is a issue with us, and we will not be able to apply the policies on the users.

Observations:

==============

1: When we checked the logs in Firewall Monitor TAB, It was still showing us last logged in username and the logs were showing his name with latest

timestamp. We even checked by browsing some of the websited and enabled ( Resolve) in the logs to see and synchronize the domain name we were browsing as

current local administrator. However in the logs it was showing as domain user who is no more logged into that machine.

Any Suggestion on this ?

0 Likes Likes
1 REPLY 1

nrice
L5 Sessionator

‎04-26-2010 04:23 PM

It sounds like the Captive Portal expiration time has yet to be reached for the original user and the guest user is authenticating based on that.  You can reduce the expiration time and verify if the guest is recogonized.

0 Likes Likes
  • 1989 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks