Hello All,
I got off of the phone a few hours ago with support.
Here is the issue:
I logged into my laptop, just had installed Win 10 latest edition, then proceeded to install Google Chrome.
I was being blocked from downloading Chrome. After a few greps to http.log, I noticed that my IP address/and my traffic was being used by
another user.
This user has not onsite and was not on shift. They also did not have the same rights as my policy (hence why I was not able
to download Chrome).
I also have our DHCP server(s) issue/release IPs every 8 hours. The user that was on the http.log was onsite last Friday, way outside the
8 hours lease limit. They use a laptop and are normally only here bi-monthly. And...... I have our VPN DHCP pool setup on a different subnet.
The support tech and I noticed that all 3 STAS collectors' DBs had no instance of this user/IP address combo.
So we were confused as to where the username/IP were stemming from,if not STAS.
Note: I was told a few months ago by a tech that the UTM will sometimes re-use cached authenticated accounts for other authenticated users.
This was not something that we were comfortable with, however it seems to be happening again.
Does anyone know of a way to keep this from happening? You can imagine the implications this has produced.
Here is what I have done so far:
- Flushed Authentication Cache
- Removed any old STAS DB entries (older than two weeks)
I am supposed to receive a call from a level 2 support tech in the near future.
Have a good day all.
This thread was automatically locked due to age.
