07-03-2023 07:45 PM
I am trying to change the TTL on username-to-IP mappings learnt from ISE-PIC on Web Security Appliance (software version 14.5.1-016) from the default 6 hours to 1 hour. This can be seen by issusing the command "isedata > cache > show", selecting an IP of a user IP mapping and then "checkip <IP>".
I cannot find a setting for it in the web interface and suspect it is set in the following section of the "showconfig" output:
<ise_service>
<ise_service_ise_user_timeout>6</ise_service_ise_user_timeout>
</ise_service>
So, I wonder if the TTL can be changed by the following method or if there is a better way:
1. export the output of "showconfig"
2. change "<ise_service_ise_user_timeout>6</ise_service_ise_user_timeout>" to "<ise_service_ise_user_timeout>1</ise_service_ise_user_timeout>"
3. upload the new config and restart the ISE-PIC vm
07-03-2023 08:15 PM
07-12-2023 03:49 AM
Hello @Scott123
if you want to modify cached timeout, you can use ICSECONFIG command in CLI :
iseconfig
Displays current ISE configuration parameters; specify an ISE configuration operation to perform:
ISE RECONCILIATION TIME SETUP—Configure ISE reconciliation time setup. To restart the ised process
automatically, set the time in the HH::MM format within 24 hours of ISE configuration. After a restart, the
bulk download takes place.
Choose the operation you want to perform:
- Schedule ISE Restart Time in HH:MM format.
- Modify cache timeout for ISE users. Specify a timeout value in hours, upto 24 hours
By default, the value for option 1 is 00:00 mid-night.
as Ken mentioned, If you need to edit the configuration file,
please generate a backup with encrypted passwords from GUI> system Administration > Configuration File
download the .XML file , edit and then import it.
Side note : If you are using SMA, you can upload the edited configuration file to Configuration Master, and publish this to other WSAs.
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide