https://live.paloaltonetworks.com/t5/prisma-access-discussions/log-out-sase-without-any-alert/m-p/430264#M247 <P>My company has just introduced prisma access (SASE) in this year.</P><P>According to increasing telecommuing and business trip, the concept of SASE is greate and fit to our requirement that everyone can use and external netwrok like an internal network always.</P><P>&nbsp;</P><P>By the way, there is a very weird contraint on global protect agent which should ensure network availabliity at all time based on SASE concept.</P><P><FONT color="#FF0000"><STRONG>The maximum log-in life time is 365 days, means that everyone who are working using a global protect suddenly loses their network service witohout any prior notice after 1year.</STRONG></FONT></P><P>&nbsp;</P><P>The meaning of VPN in SASE concetp, it is not a temporary internal network use, but a main business purpose network.</P><P><STRONG><FONT color="#FF0000">Why there is no slection for Permanet on life-time configuration?</FONT></STRONG></P><P>&nbsp;</P><P><FONT color="#000000">How to explain to my employees on this matter?</FONT></P><P>&nbsp;</P><P><FONT color="#0000FF"><EM>"After 1 year since Global Protect log-in, your network will be suddenly cut off. So, don't do any impotant work at this time or please use annual leaving".</EM></FONT></P><P>&nbsp;</P><P><FONT color="#0000FF"><EM>In add</EM></FONT></P><P>I already know that maintaining cookie permanently is one of the security risk.</P><P>But also it has some problem the connection would be broken.</P><P>SASE concept means it provides all security environment which was set by companies policy.</P><P>But if SASE connection was broken we can't maintain our policy.</P><P>Because User's will not log in SASE because it control their Device.&nbsp;</P><P>Than it may causes security accident like security leak. (They can also access to malware websites)</P><P>It would be risk.</P><P>&nbsp;</P><P>&nbsp;</P><P><FONT color="#000000">Does this make sense??????????</FONT></P> Tue, 31 Aug 2021 01:59:08 GMT Prisma_Admin 2021-08-31T01:59:08Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/log-out-sase-without-any-alert/m-p/430264#M247 <P>My company has just introduced prisma access (SASE) in this year.</P><P>According to increasing telecommuing and business trip, the concept of SASE is greate and fit to our requirement that everyone can use and external netwrok like an internal network always.</P><P>&nbsp;</P><P>By the way, there is a very weird contraint on global protect agent which should ensure network availabliity at all time based on SASE concept.</P><P><FONT color="#FF0000"><STRONG>The maximum log-in life time is 365 days, means that everyone who are working using a global protect suddenly loses their network service witohout any prior notice after 1year.</STRONG></FONT></P><P>&nbsp;</P><P>The meaning of VPN in SASE concetp, it is not a temporary internal network use, but a main business purpose network.</P><P><STRONG><FONT color="#FF0000">Why there is no slection for Permanet on life-time configuration?</FONT></STRONG></P><P>&nbsp;</P><P><FONT color="#000000">How to explain to my employees on this matter?</FONT></P><P>&nbsp;</P><P><FONT color="#0000FF"><EM>"After 1 year since Global Protect log-in, your network will be suddenly cut off. So, don't do any impotant work at this time or please use annual leaving".</EM></FONT></P><P>&nbsp;</P><P><FONT color="#0000FF"><EM>In add</EM></FONT></P><P>I already know that maintaining cookie permanently is one of the security risk.</P><P>But also it has some problem the connection would be broken.</P><P>SASE concept means it provides all security environment which was set by companies policy.</P><P>But if SASE connection was broken we can't maintain our policy.</P><P>Because User's will not log in SASE because it control their Device.&nbsp;</P><P>Than it may causes security accident like security leak. (They can also access to malware websites)</P><P>It would be risk.</P><P>&nbsp;</P><P>&nbsp;</P><P><FONT color="#000000">Does this make sense??????????</FONT></P> Tue, 31 Aug 2021 01:59:08 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/log-out-sase-without-any-alert/m-p/430264#M247 Prisma_Admin 2021-08-31T01:59:08Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/log-out-sase-without-any-alert/m-p/430554#M248 <P>Using a cookie without an expiration is a security risk. To allow devices to connect seamlessly without depending on the cookie authentication lifetime is better to use certificates (machine/user). It is also a best practice.&nbsp;<BR /><BR /><BR /></P> Tue, 31 Aug 2021 19:30:56 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/log-out-sase-without-any-alert/m-p/430554#M248 SuperMario 2021-08-31T19:30:56Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/log-out-sase-without-any-alert/m-p/430642#M249 <P>Thanks for your comment. Using a certificate is just one of option we can choose.&nbsp;</P><P>When we talk about security or security risk, it should be after availavility is secured in advance.</P><P>In case of prisma, there is no control function against unspecified network cut-off !!!!!!</P> Wed, 01 Sep 2021 00:03:58 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/log-out-sase-without-any-alert/m-p/430642#M249 Prisma_Admin 2021-09-01T00:03:58Z