Expired Security policy behaviour


L1 Bithead

What is the behaviour if the schedule is expired on a security policy? Is the existing established session terminated, and will a new session not be established? What is the solution if the existing established session is not terminated after the security policy expires?


L2 Linker

When a Security policy rule is invoked by a defined schedule, only new sessions are affected by the applied Security policy rule. Existing sessions are not affected by the scheduled policy.


Any solution to resolve the said issue? As per my knowledge, we need to clear the session manually on the firewall, or an idle timeout occurs. What do you say?


What is the idle timeout for TCP and UDP on PA?


Depends on the app-id identified; individual signatures can have different time-out values specified. If you absolutely need to have sessions at the end of the schedule, just build out a script to clear sessions once the schedule has expired.

Can you guide me on what type of script to write?
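One shape such a script could take, as an added example that is not from the thread or from Palo Alto Networks: it waits until a non-recurring schedule window has ended, then asks the firewall over the XML API to clear the sessions that matched the scheduled rule. Assumptions: the window uses the `YYYY/MM/DD@hh:mm-YYYY/MM/DD@hh:mm` form, the op command is the XML form of the CLI command `clear session all filter rule <name>` (confirm it on your PAN-OS version), the API key is sent in the `X-PAN-KEY` header, and all function names, the host name and the rule name are hypothetical.

```python
"""Clear sessions that matched a scheduled rule once its schedule window has ended."""
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from datetime import datetime

FMT = "%Y/%m/%d@%H:%M"  # assumed non-recurring schedule format: start-end


def schedule_end(window: str) -> datetime:
    """Return the end of a 'YYYY/MM/DD@hh:mm-YYYY/MM/DD@hh:mm' window."""
    start_s, end_s = window.split("-")
    start, end = datetime.strptime(start_s, FMT), datetime.strptime(end_s, FMT)
    if end <= start:
        raise ValueError("schedule window ends before it starts")
    return end


def build_clear_cmd(rule: str) -> str:
    """XML op command assumed equivalent to: clear session all filter rule <rule>."""
    root = ET.Element("clear")
    node = root
    for tag in ("session", "all", "filter", "rule"):
        node = ET.SubElement(node, tag)
    node.text = rule  # ElementTree escapes the name, so it cannot inject XML
    return ET.tostring(root, encoding="unicode")


def build_request(host: str, api_key: str, rule: str) -> urllib.request.Request:
    """POST the op command; the key travels in a header, not in the URL."""
    body = urllib.parse.urlencode({"type": "op", "cmd": build_clear_cmd(rule)})
    return urllib.request.Request(
        f"https://{host}/api/", data=body.encode(),
        headers={"X-PAN-KEY": api_key}, method="POST")


def clear_if_expired(host, api_key, rule, window, now=None, send=urllib.request.urlopen):
    """Send the clear command only after the window has ended; return True if sent."""
    now = now or datetime.now()  # must be in the firewall's local time zone
    if now < schedule_end(window):
        return False
    with send(build_request(host, api_key, rule), timeout=10) as resp:
        status = ET.fromstring(resp.read()).get("status")
    if status != "success":
        raise RuntimeError(f"firewall returned status={status!r}")
    return True
```

Run it from a scheduler shortly after the window's end time, with an API key for an admin role limited to operational commands.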
