You wish to understand and optimize the NTLM TTL (Time-to-live) setting for Authentication operations on the Symantec Web Gateway.
Recommended settings:
Note that setting the TTL to "0" is not recommended except for testing purposes, as it risks overloading the SWG authentication sub-system with request traffic.
Applies To
The TTL setting (Configuration > Authentication > NTLM > TTL) controls the frequency of authentication requests being sent to the Active Directory controller. The default setting is 15 minutes, but the correct level depends on the type of system that is using the Web Gateway.
A setting of "0" will send every single authentication request to Active Directory. As each browsing session can generate multiple requests for each site and each component of a site, this can result in a very large number of requests. This can potentially degrade the performance of both the Web Gateway itself and the Active Directory server.
Any other setting will cache the initial authentication session for the period of time specified (assuming that the session was allowed by the domain controller), thus increasing processing speed and reducing overhead significantly. Note that this will mean that the initial user's details will be displayed until the TTL expires, even if another user logs on to the same system.
If for some reason the initial authentication request was refused by the DC, a new request will be sent each time the user refreshes the page.
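The following added example (a simplified model written for this article, not Symantec code) replays a constructed request log against the TTL behaviour described above, so the trade-off between domain controller load and stale user attribution can be compared for different TTL values. It assumes the cache is keyed by client IP address and that the TTL runs from the initial successful authentication; the class, function and sample names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class NtlmTtlModel:
    """Toy model of the gateway's NTLM authentication cache (assumption, not SWG internals)."""
    ttl_seconds: int
    dc_requests: int = 0                        # requests forwarded to the domain controller
    cache: dict = field(default_factory=dict)   # client_ip -> (user, expiry_time)

    def handle(self, now, client_ip, actual_user, dc_allows=True):
        """Return the user this request is attributed to, or None if the DC refused."""
        entry = self.cache.get(client_ip)
        if self.ttl_seconds > 0 and entry and now < entry[1]:
            return entry[0]                     # cache hit: may be the previous user
        self.dc_requests += 1                   # TTL 0, cache miss or expired entry
        if not dc_allows:
            self.cache.pop(client_ip, None)     # refusals are never cached
            return None
        if self.ttl_seconds > 0:
            self.cache[client_ip] = (actual_user, now + self.ttl_seconds)
        return actual_user

# Constructed sample log: (time in seconds, client IP, user at the keyboard, DC allows?)
EVENTS = [
    (0,   "10.0.0.5", "alice", True),
    (1,   "10.0.0.5", "alice", True),
    (2,   "10.0.0.5", "alice", True),
    (10,  "10.0.0.9", "carol", False),   # refused by the DC
    (11,  "10.0.0.9", "carol", False),   # page refresh: sent to the DC again
    (600, "10.0.0.5", "bob",   True),    # different user, same system, inside the TTL
    (901, "10.0.0.5", "bob",   True),    # after the 15 minute TTL has expired
]

def simulate(ttl_seconds, events=EVENTS):
    """Replay the log; return (number of DC requests, attributed user per request)."""
    model = NtlmTtlModel(ttl_seconds)
    attributed = [model.handle(*event) for event in events]
    return model.dc_requests, attributed

if __name__ == "__main__":
    for ttl in (0, 900):                 # 900 s = the default 15 minutes
        count, users = simulate(ttl)
        print(f"TTL={ttl:>3}s  DC requests={count}  attributed={users}")
```

With the default TTL the request at 600 seconds is still attributed to the first user, which matters when reading the gateway's per-user reports for shared systems.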