Enable User Identification Timeout
Select this option to enable a timeout value for user mapping entries. When the timeout value is reached for an entry, the firewall clears it and collects a new mapping. This ensures that the firewall has the most current information as users roam and obtain new IP addresses.
Enable the timeout to ensure the firewall has the most current user-to-IP-address mapping information.
User Identification Timeout (min)
Set the timeout value in minutes for user mapping entries (range is 1 to 3,600; default is 45).
Set the timeout value to the half-life of the DHCP lease or to the Kerberos ticket lifetime.
If you configure firewalls to redistribute mapping information, each firewall clears the mapping entries it receives based on the timeout you set on that firewall, not on the timeouts set in the forwarding firewalls.
Allow matching usernames without domains
Select this option to allow the firewall to match users if the domain is not provided by the User-ID source. To prevent users from being misidentified, only select this option if your usernames are not duplicated across domains.
Before you enable this option, verify that the firewall has fetched the group mappings from the LDAP server.