Active Directory Group Policy Content Filter with old IP Address
Hi everyone. I ran across this some time ago and am wondering if anyone else has seen this.
We currently use Active Directory integrated with our MX for Content Filtering, and it works great. Here is my issue:
- User Jon Doe with DHCP Address 10.1.1.100 connects to the Internet. The MX applies the appropriate Content Policy to the AD user Jon Doe. Now let's say Jon Doe is gone for two weeks and his DHCP address is released and 10.1.1.100 is available. A new device that is not part of AD takes this address and connects to the Internet. What will happen is the MX will simply say it's 'Jon Doe' and give that non-AD user his access. I've tested this over and over and it definitely works this way. I would LOVE a clear/release button in the MX console for this, but there isn't one. The only way I can get it to work is to literally power down the MX to clear the AD cache. Now to be clear, in this exact same scenario, if someone takes 10.1.1.100 and is just a different AD user, it works great: the MX acknowledges it's a different user and applies the appropriate policy. It's when the MX doesn't recognize a change that it keeps it the same. Again, it would be great to clear that.
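
An added illustration, not part of the original post and not Meraki's implementation: a small Python model of a user cache keyed only by IP address, reproducing the behaviour described above, next to a variant that drops the mapping when the DHCP lease for that IP goes to a different MAC. The class, the event format, the usernames and the MAC addresses are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Binding:
    user: str
    mac: str  # MAC that held the lease when the AD logon was observed

class IdentityCache:
    """Hypothetical model of an IP-to-user cache used for policy lookup."""
    def __init__(self, bind_to_mac: bool):
        self.bind_to_mac = bind_to_mac
        self.by_ip: dict[str, Binding] = {}

    def on_ad_logon(self, ip: str, mac: str, user: str) -> None:
        # A directory logon always overwrites the mapping, which is why
        # "a different AD user on the same IP" behaves correctly.
        self.by_ip[ip] = Binding(user, mac)

    def on_dhcp_lease(self, ip: str, mac: str) -> None:
        # Hardened variant only: a lease to a new MAC invalidates the mapping.
        cached = self.by_ip.get(ip)
        if self.bind_to_mac and cached and cached.mac != mac:
            del self.by_ip[ip]

    def policy_user(self, ip: str):
        cached = self.by_ip.get(ip)
        return cached.user if cached else None

IP = "10.1.1.100"
# Constructed events: (kind, ip, mac, user)
NON_AD_REUSE = [
    ("logon", IP, "aa:aa:aa:aa:aa:01", "jdoe"),
    ("lease", IP, "bb:bb:bb:bb:bb:02", None),  # non-AD device takes the address
]
AD_REUSE = NON_AD_REUSE + [("logon", IP, "bb:bb:bb:bb:bb:02", "asmith")]

def replay(events, bind_to_mac: bool):
    """Feed events to a fresh cache and return the user policy applied to IP."""
    cache = IdentityCache(bind_to_mac)
    for kind, ip, mac, user in events:
        if kind == "logon":
            cache.on_ad_logon(ip, mac, user)
        else:
            cache.on_dhcp_lease(ip, mac)
    return cache.policy_user(IP)

if __name__ == "__main__":
    print("IP-only cache, non-AD reuse:", replay(NON_AD_REUSE, False))
    print("IP+MAC cache,  non-AD reuse:", replay(NON_AD_REUSE, True))
    print("IP-only cache, AD reuse:    ", replay(AD_REUSE, False))
```
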