FortiGate
aionescu
Staff
Article Id 355824
Description

This article describes how to change the LDAP user and group cache time on a FortiGate configured as an explicit proxy.

Scope

FortiGate v7.4.2+
Solution

Starting with v7.4.2, the following commands were introduced:

diagnose debug enable
diagnose test app wad 250

diagnose test application wad 1900xyz <----- Change the user cache time (xyz=minutes).
diagnose test application wad 1910xyz <----- Change the group cache time (xyz=minutes).

The example below changes the user and group timers from the default 1440 to 10 minutes:

get system status
Version: FortiGate-VM64-KVM v7.4.2,build2571,231219 (GA.F)

diag test app wad 1900010
Change user cache flushing timeout from: 1400 to 10

diag test app wad 1910010
Change group cache flushing timeout from: 1400 to 10

Note:

By default, the cache refresh interval is set to 24 hours (1400 minutes). In environments where users or groups change frequently, a lower value might be needed.