User Information in Firewall Database Cache

Showing results for 
Show  only  | Search instead for 
Did you mean: 

User Information in Firewall Database Cache

L0 Member

1: Captive Portal is set for entire network ( and in Active Directory the group ( IT) is choosen which will be filtered or monitored. There are

two users ( user1/user2) who are member of this group.

Firewall Rule :

1:  Trust to Untrust

     Source                             Action 

1: ( Any known user)              Allow
2: ( Any Unknown user)          Block


When user 1 & user 2 login to shared workstation ( WS1) ( One after other)They both are able to browse internet and no issues. However after sometime the local administrator on that pc( WS1) is logged in, Locally on that machine to work and he is trying to browse internet( Ideally that user is unknown he should be prompted for authentication and he can use any guest based user account from AD ( guest 1) to access internet with limited accessibity of sites.This is not happening, the moment the local adminstration is login into that machine ( WS1) and trying to browse internet, that user is getting internet access.Seems like there is some sort of Cached information which shows that ( WS1) is still being used by known users and its not able to refresh it.

I tried to reset the user captive portal session using this command:-

# debug device-server reset captive-portal ip-address

It was of no help,


When i restarted the PAN agent, it started to work and that agent was showing Ip as unknown and when tried to open the IE and browse on that

pc. it showed the authentication .

This is a issue with us, and we will not be able to apply the policies on the users.



1: When we checked the logs in Firewall Monitor TAB, It was still showing us last logged in username and the logs were showing his name with latest

timestamp. We even checked by browsing some of the websited and enabled ( Resolve) in the logs to see and synchronize the domain name we were browsing as

current local administrator. However in the logs it was showing as domain user who is no more logged into that machine.

Any Suggestion on this ?


L5 Sessionator

It sounds like the Captive Portal expiration time has yet to be reached for the original user and the guest user is authenticating based on that.  You can reduce the expiration time and verify if the guest is recogonized.

  • 1 replies
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!