Redistribute Data and Authentication Timestamps

In a large-scale network, instead of configuring all your firewalls to directly query the mapping information sources, you can streamline resource usage by configuring some firewalls to collect mapping information through redistribution.
You can redistribute user mapping information collected through any method except Terminal Server (TS) agents. You cannot redistribute Group Mapping or HIP match information.
If you use Panorama to manage firewalls and aggregate firewall logs, you can use Panorama to manage User-ID redistribution. Leveraging Panorama is a simpler solution than creating extra connections between firewalls to redistribute User-ID information.
If you Configure Authentication Policy, your firewalls must also redistribute the Authentication Timestamps that are generated when users authenticate to access applications and services. Firewalls use the timestamps to evaluate the timeouts for Authentication policy rules. The timeouts allow a user who successfully authenticates to later request services and applications without authenticating again within the timeout periods. Redistributing timestamps enables you to enforce consistent timeouts across all the firewalls in your network.
Firewalls share data and authentication timestamps as part of the same redistribution flow; you don’t have to configure redistribution for each information type separately.

Recommended For You