diff --git a/client/internal/connect.go b/client/internal/connect.go
index b04e995d3..fcf11f9c1 100644
--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -140,15 +140,11 @@ func RunClient(ctx context.Context, config *Config) error {
 
 // createEngineConfig converts configuration received from Management Service to EngineConfig
 func createEngineConfig(key wgtypes.Key, config *Config, peerConfig *mgmProto.PeerConfig) (*EngineConfig, error) {
-	iFaceBlackList := make(map[string]struct{})
-	for i := 0; i < len(config.IFaceBlackList); i += 2 {
-		iFaceBlackList[config.IFaceBlackList[i]] = struct{}{}
-	}
 
 	engineConf := &EngineConfig{
 		WgIfaceName:    config.WgIface,
 		WgAddr:         peerConfig.Address,
-		IFaceBlackList: iFaceBlackList,
+		IFaceBlackList: config.IFaceBlackList,
 		WgPrivateKey:   key,
 		WgPort:         iface.DefaultWgPort,
 	}
diff --git a/client/internal/engine.go b/client/internal/engine.go
index a7186f192..ca33852ad 100644
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -45,7 +45,7 @@ type EngineConfig struct {
 	WgPrivateKey wgtypes.Key
 
 	// IFaceBlackList is a list of network interfaces to ignore when discovering connection candidates (ICE related)
-	IFaceBlackList map[string]struct{}
+	IFaceBlackList []string
 
 	PreSharedKey *wgtypes.Key
 
@@ -592,11 +592,6 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 	stunTurn = append(stunTurn, e.STUNs...)
 	stunTurn = append(stunTurn, e.TURNs...)
 
-	interfaceBlacklist := make([]string, 0, len(e.config.IFaceBlackList))
-	for k := range e.config.IFaceBlackList {
-		interfaceBlacklist = append(interfaceBlacklist, k)
-	}
-
 	proxyConfig := proxy.Config{
 		RemoteKey:    pubKey,
 		WgListenAddr: fmt.Sprintf("127.0.0.1:%d", e.config.WgPort),
@@ -611,7 +606,7 @@ func (e Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, er
 		Key:                pubKey,
 		LocalKey:           e.config.WgPrivateKey.PublicKey().String(),
 		StunTurn:           stunTurn,
-		InterfaceBlackList: interfaceBlacklist,
+		InterfaceBlackList: e.config.IFaceBlackList,
 		Timeout:            timeout,
 		UDPMux:             e.udpMux,
 		UDPMuxSrflx:        e.udpMuxSrflx,
diff --git a/client/internal/peer/conn.go b/client/internal/peer/conn.go
index d057fbfaf..d1b118b66 100644
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -92,6 +92,7 @@ func interfaceFilter(blackList []string) func(string) bool {
 	return func(iFace string) bool {
 		for _, s := range blackList {
 			if strings.HasPrefix(iFace, s) {
+				log.Debugf("ignoring interface %s - it is not allowed", iFace)
 				return false
 			}
 		}
diff --git a/go.mod b/go.mod
index c5e6928a2..819d06b70 100644
--- a/go.mod
+++ b/go.mod
@@ -110,3 +110,5 @@ require (
 )
 
 replace github.com/pion/ice/v2 => github.com/wiretrustee/ice/v2 v2.1.21-0.20220218121004-dc81faead4bb
+
+//replace github.com/eko/gocache/v3 => /home/braginini/Documents/projects/my/wiretrustee/gocache
diff --git a/management/server/account.go b/management/server/account.go
index 6126916c6..6805f17db 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -1,18 +1,22 @@
 package server
 
 import (
+	"context"
 	"fmt"
-	"reflect"
-	"strings"
-	"sync"
-
+	"github.com/eko/gocache/v2/cache"
+	cacheStore "github.com/eko/gocache/v2/store"
 	"github.com/netbirdio/netbird/management/server/idp"
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	"github.com/netbirdio/netbird/util"
+	gocache "github.com/patrickmn/go-cache"
 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
+	"reflect"
+	"strings"
+	"sync"
+	"time"
 )
 
 const (
@@ -66,6 +70,8 @@ type DefaultAccountManager struct {
 	mux                sync.Mutex
 	peersUpdateManager *PeersUpdateManager
 	idpManager         idp.Manager
+	cacheManager       cache.CacheInterface
+	ctx                context.Context
 }
 
 // Account represents a unique account of the system
@@ -148,11 +154,12 @@ func (a *Account) GetGroupAll() (*Group, error) {
 func BuildManager(
 	store Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager,
 ) (*DefaultAccountManager, error) {
-	dam := &DefaultAccountManager{
+	am := &DefaultAccountManager{
 		Store:              store,
 		mux:                sync.Mutex{},
 		peersUpdateManager: peersUpdateManager,
 		idpManager:         idpManager,
+		ctx:                context.Background(),
 	}
 
 	// if account has not default account
@@ -160,13 +167,18 @@ func BuildManager(
 	// also we create default rule with source an destination
 	// groups 'all'
 	for _, account := range store.GetAllAccounts() {
-		dam.addAllGroup(account)
+		am.addAllGroup(account)
 		if err := store.SaveAccount(account); err != nil {
 			return nil, err
 		}
 	}
 
-	return dam, nil
+	gocacheClient := gocache.New(7*24*time.Hour, 30*time.Minute)
+	gocacheStore := cacheStore.NewGoCache(gocacheClient, nil)
+
+	am.cacheManager = cache.NewLoadable(am.loadFromCache, cache.New(gocacheStore))
+	return am, nil
+
 }
 
 // AddSetupKey generates a new setup key with a given name and type, and adds it to the specified account
@@ -319,6 +331,49 @@ func mergeLocalAndQueryUser(queried idp.UserData, local User) *UserInfo {
 	}
 }
 
+func (am *DefaultAccountManager) loadFromCache(ctx context.Context, accountID interface{}) (interface{}, error) {
+	return am.idpManager.GetBatchedUserData(fmt.Sprintf("%v", accountID))
+}
+
+func (am *DefaultAccountManager) lookupCache(accountUsers map[string]*User, accountID string) ([]*idp.UserData, error) {
+	data, err := am.cacheManager.Get(am.ctx, accountID)
+	if err != nil {
+		return nil, err
+	}
+
+	userData := data.([]*idp.UserData)
+
+	userDataMap := make(map[string]struct{})
+	for _, datum := range userData {
+		userDataMap[datum.ID] = struct{}{}
+	}
+
+	// check whether we need to reload the cache
+	// the accountUsers ID list is the source of truth and all the users should be in the cache
+	reload := len(accountUsers) != len(userData)
+	for user := range accountUsers {
+		if _, ok := userDataMap[user]; !ok {
+			reload = true
+		}
+	}
+
+	if reload {
+		// reload cache once avoiding loops
+		err := am.cacheManager.Delete(am.ctx, accountID)
+		if err != nil {
+			return nil, err
+		}
+		data, err = am.cacheManager.Get(am.ctx, accountID)
+		if err != nil {
+			return nil, err
+		}
+
+		userData = data.([]*idp.UserData)
+	}
+
+	return userData, err
+}
+
 // GetUsersFromAccount performs a batched request for users from IDP by account id
 func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserInfo, error) {
 	account, err := am.GetAccountById(accountID)
@@ -328,7 +383,7 @@ func (am *DefaultAccountManager) GetUsersFromAccount(accountID string) ([]*UserI
 
 	queriedUsers := make([]*idp.UserData, 0)
 	if !isNil(am.idpManager) {
-		queriedUsers, err = am.idpManager.GetBatchedUserData(accountID)
+		queriedUsers, err = am.lookupCache(account.Users, accountID)
 		if err != nil {
 			return nil, err
 		}