Problem: Palo Alto timeout expects minutes, not seconds (At least on 6.1,
can't say for sure, so the timeout is set WAY higher than it should be.
Resolution: $timeout = ( $timeout / 60); in PaloAlto.pm
Problem: SSO (And update_iplog in general from pfdhcplistener) use the
clients REQUESTED lease time for SSO updates. For an iPhone, I
see 7776000. This isn't what the DHCP server said to use, so its
inaccurate.
Solution: Move the call to firewallsso from the parse_dhcp_request sub to
parse_dhcp_ack sub.
Also. I actually disabled update_iplog in parse_dhcp_request, and for
DHCPACK CIADDR in parse_dhcp_ack because it seems to generate a TON of
extra iplog entries every time devices rebind. Ive never seen one with a
lease time defined, so it seems redundant.
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
