I'm currently testing/setting up a UTM and I've been having a problem with AD SSO in Transparent Mode.
Our current web filter utilizes a small user authentication client that sends identity data to the filter for logging purposes. When I user logs in or logs off their identity data is associated or de-associated with the IP at that time.
I've noticed that with the UTM, if I boot up a PC and browse as a user (Test1) that information is correctly displayed in the Web Filtering logs, that traffic is tagged as coming from Test1. If I log out of Test1 after a period of 5 minutes or so and log in as another user (Test2), the traffic is still logged as coming from user Test1. This usually persists for a period of about 30 minutes, after which time the identity data appears to update and correctly attributes the traffic to Test2.
What's going on here and why isn't traffic attributed to Test2 once the account is logged in?
Is there some timeout period where the UTM doesn't attempt to re-authenticate the traffic? If so, can I change this to a much shorter interval? I tried the setting under Web Protection >> Filtering Options >> Misc >> Authentication Timeout, but that setting doesn't appear to affect my situation.
This thread was automatically locked due to age.
