End-of-Life (EoL)

Configure Cache Timeouts for User Mapping Entries

  • Device > User Identification > User Mapping > Palo Alto Networks User-ID Agent Setup > Cache
To ensure that the firewall has the most current user mapping information as users roam and obtain new IP addresses, configure timeouts for clearing user mappings from the firewall cache. This timeout applies to user mappings learned through any method except Captive Portal. For mappings learned through Captive Portal, set the timeout in the Captive Portal Settings (Device > User Identification > Captive Portal Settings,
Timer
and
Idle Timer
fields).
Cache Settings
Description
Enable User Identification Timeout
Select this option to enable a timeout value for user mapping entries. When the timeout value is reached for an entry, the firewall clears it and collects a new mapping. This ensures that the firewall has the most current information as users roam and obtain new IP addresses.
User Identification Timeout (min)
Set the timeout value in minutes for user mapping entries (range is 1 to 3,600; default is 45).
If you configure firewalls to redistribute mapping information, each firewall clears the mapping entries it receives based on the timeout you set on that firewall, not on the timeouts set in the forwarding firewalls.

Recommended For You