Hi, When you are using windows machine in AD, you open a session and then after that, periodically, your session is renewed in the AD. The palo is polling your security event and see, ever you new session and your renew then update is local cahe then you stay authenticated. In Mac world, not sure but , you open a session in AD then generate event then be authen in the palo. After couple of minutes, maybe your Mac doon't ask for session renew then no event in the AD then your authenti expire in the palo.. If you try to access a network ressource, in background you are authenticate again in the domain then you are known by the palo. To be sure, you can check the event in your AD: Windows 2000/2003: SUCCESS_NET_LOGON = 540, AUTH_TICKET_GRANTED = 672, SERVICE_TICKET_GRANTED = 673, TICKET_GRANTED_RENEW = 674, ACCOUNT_USED_FOR_LOGON = 680, Windows 2008: LOGON_SUCCESS_W2008 = 4624, AUTH_TICKET_GRANTED_W2008 = 4768, TICKET_GRANTED_RENEW_W2008 = 4770, ACCOUNT_USED_FOR_LOGON_W2008 = 4776, Hope help V.
... View more
