topic Re: Session timeout in General Topics

Session timeout

el — Mon, 17 Sep 2012 15:49:37 GMT

Hi All,

i want to ask about session timeout setting in palo alto.

if we create policy to allow traffic from trust to untrust with service http (custom http port 80)

1. what is default session timeout for http traffic?

from my testing it will hit web-browsing application event though i create the policy use service instead of application.

2. is it a correct behavior ?

3. from web-browsing application i can see the 3 session timeout setting for this web-application

Session timeout (second) : 30

TCP timeout (second) : 3600

UDP timeout (second): 30

and then from help guide

timeouts :

	Enter the number of seconds before an idle application flow is terminated (range 0-604800). A zero indicates that the default timeout will be used. This value is used for protocols other than TCP and UDP in all cases and for TCP and UDP timeouts when the TCP timeout and UDP timeout are not specified.

my question is what session timeout that firewall use? 30 or 3600 ? from my testing it use 30 but from the description session timeout will use if tcp session timeout and UDP timeout are not specified but why i see the timeout value 30 second

thanks in advance

Re: Session timeout

zarina — Mon, 17 Sep 2012 16:07:38 GMT

Hello,

These documents will answer your question about the timeout values:

https://live.paloaltonetworks.com/docs/DOC-2364

https://live.paloaltonetworks.com/docs/DOC-1581

Thanks,

Sri

Re: Session timeout

sdurga — Mon, 17 Sep 2012 18:07:38 GMT

Hi,

1. what is default session timeout for http traffic?

from my testing it will hit web-browsing application event though i create the policy use service instead of application.

Yes, irrespective what service you select Paloalto will still identify the application and in this case it is web-browsing. and the default timeouts for web-browsing are

Session timeout (second) : 30

TCP timeout (second) : 3600

UDP timeout (second): 30

"my question is what session timeout that firewall use? 30 or 3600 ? from my testing it use 30 but from the description session timeout will use if tcp session timeout and UDP timeout are not specified but why i see the timeout value 30 second"

TCP Web-browsing sessions will have a time out of 3600 seconds. You might see a timeout value of 30 seconds for these TCP sessions when the web-server sends a FIN due to inactivity of the user. So initially when you open a website and check the TCP sessions immediately on the firewall, you will observer the timeout as 3600 secs. After a few seconds of inactivity on the web-site the web-server can send a FIN and this point the TCP sessions timeout will change from 3600 to a value of 30 seconds. You might be looking at this behavior. You can also see a time out of 30secs if you close the browser in which case the web-browser (client) is sending the FIN this time.