- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-10-2023 07:53 AM
hi All,
I want to check when each admin account logs into its own session via GUI and SSH.
If either one login to a 2nd session then it will be denied.
Is it achievable? I can't find any article from Palo Alto regards to this.
07-10-2023 08:14 AM
No, admins are allowed to log in multiple times
you can limit their idle timeout in "device > setup > management > authentication settings" if you're worried they have too many 'sleeping' sessions open
07-11-2023 06:11 AM
The option works perfectly fine, however I'd really caution thinking through setting this value to 1.
Admin sessions are tracked whenever they access the GUI/CLI/API; so say that you have an admin who is making a change in the GUI and loses access to the device due to the change, if restricted to a single session they've now effectively locked out of the device. You'll be waiting for the established session to be removed prior to it allowing access via another session.
09-09-2024 09:17 AM
We had max session count set to 3. FIPS standard is 4.
We have 2 administrators and we constantly lock ourselves out of the PA when we are more actively engaged.
Session Count default is 0(Unlimited) and Session Time default is 0 which translate to 30 days.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!