Extend user authentication validity for GRE tunnel only environment

It’s a GRE tunnel only environment without ZCC. As usual users get authenticated daily. So in order to extend like weekly/monthly once authentication, I believe we can use IP surrogate feature under location. Now the question ‘Idle Time to Disassociation’ or ‘Refresh Time for re-validation of Surrogacy’, which one directly impact the duration of subsequent authentication prompt?

You can setup authentication frequency under administration — authentication setting — change to only once.

IP Surrogacy is to do map IP and user for a specific time period. So all traffic from that IP will considered and mapped the user who authenticated. In order to work IP Surrogacy the user has to authenticate atleast once. Time should be less than DHCP lease time or as per your corporate best practices.

1 Like

Unfortunately authentication frequency ‘once’ under authentication profile doesn’t work for tunnel only environment. Because it depends on browser cache I believe. Yes IP surrogacy is to map user to private IP address. But using IP surrogacy we can extend the authentication validity.

One time authentication works fine at GRE locations even without ZCC. Yes, it does depend on browser cache but unless you have browsers set to clear cache on exit (not recommended), the authentication cookie should persist until cleared.