How Session Rematch Works

Created On 09/25/18 19:21 PM - Last Modified 05/24/23 19:02 PM


Symptom


Details

  • A change is made to a security policy and a commit is performed.
  • If session rematch is enabled, then the firewall will go through all the existing sessions and apply the new security policy to any matching traffic.


Environment


NGFW

Resolution


In the WebGUI, go to Device > Setup > Session. The Rematch Sessions setting is found on this page:

[Image: Screen Shot 2013-03-11 at 10.47.28 AM.png]

 

Note: Rematch Sessions is enabled by default for PAN-OS 5.0 and above.

 

Example

The following example illustrates the behavior when Rematch Sessions is enabled.

Shown below is the original Security Policy:

[Image: Capture4.JPG]

 

The original session is shown below:

[Image: Capture5.JPG]

[Image: Capture7.JPG]

 

Shown below is the Security Policy after the change:

[Image: Capture8.JPG]

The session after a policy change and commit:

[Image: Capture10.JPG]

[Image: Capture11.JPG]

Notice that as soon as the commit took place, the session was rematched to the new policy and changed from the active state to the discard state.
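The behavior shown in the example above can be modeled in a few lines. The following is an added illustration, not PAN-OS code and not part of the original article: the rule fields, rule names, sample sessions and function names are all constructed, and rule matching is reduced to zones and application with top-down first match. It also runs the same commit with rematch turned off, where the policy change applies only to sessions started after the commit.

```python
# Simplified model of session rematch (added illustration, not PAN-OS code).
# Rule fields, names and sample sessions are constructed for this example.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    app: str          # "any" matches every application
    action: str       # "allow" or "deny"

@dataclass
class Session:
    sid: int
    src_zone: str
    dst_zone: str
    app: str
    rule: str = ""
    state: str = "INIT"

def lookup(rulebase, s):
    """Top-down first match; traffic matching no rule is denied."""
    for r in rulebase:
        if (r.src_zone, r.dst_zone) == (s.src_zone, s.dst_zone) and r.app in ("any", s.app):
            return r
    return Rule("default-deny", s.src_zone, s.dst_zone, "any", "deny")

def apply_rule(rulebase, s):
    """Bind the session to its matching rule and set the resulting state."""
    r = lookup(rulebase, s)
    s.rule = r.name
    s.state = "ACTIVE" if r.action == "allow" else "DISCARD"

def commit(new_rulebase, sessions, rematch=True):
    """Install a new rulebase; with rematch on, re-evaluate existing sessions."""
    if rematch:
        for s in sessions:
            apply_rule(new_rulebase, s)
    return new_rulebase

def demo(rematch):
    original = [Rule("allow-outbound", "trust", "untrust", "any", "allow")]
    changed = [Rule("block-ssh", "trust", "untrust", "ssh", "deny")] + original
    sessions = [Session(1, "trust", "untrust", "ssh"),
                Session(2, "trust", "untrust", "web-browsing")]
    for s in sessions:                      # sessions set up under the original policy
        apply_rule(original, s)
    commit(changed, sessions, rematch)
    return {s.sid: (s.rule, s.state) for s in sessions}

if __name__ == "__main__":
    print("rematch on :", demo(True))
    print("rematch off:", demo(False))
```

With rematch on, the constructed SSH session moves to DISCARD under the new deny rule at commit time; with rematch off it stays ACTIVE under the original rule until it ends.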

 


