03-30-2012 05:18 AM
We have a couple of machines that are set to display the PANOS web UI Dashboard so that we can see the current Risk Factor and System Resources, etc... so we set the Authentication Settings Idle Timeout to 0 so that the sessions do not time out, as indicated by the help.
However, they still do time out. Is there something else we need to change?
We're running PANOS 4.1.4, but the problem also occured in 4.1.1.
03-30-2012 12:33 PM
How often did you set it to reload?
Because every time the dashboard reloads the auth session timeout should reset the countdown.
Could there perhaps be some other timeout in your browser causing these problems? For example how long is your ssl repository open for access as timeout?
04-02-2012 06:08 AM
It is set to refresh every minute, the default for the Dashboard.
I'm not sure about the SSL repository. Where would I check that? If it helps, the problem seems to occur both in Firefox 11.0 on Linux and IE 8 on Windows 7.
04-02-2012 07:42 AM
Have you tried setting the idle timeout to 10 minutes while having the page refresh every minute please. Let us know if that works.
Thanks.
04-04-2012 08:16 AM
rmonvon wrote:
Have you tried setting the idle timeout to 10 minutes while having the page refresh every minute please. Let us know if that works.
This did not work. The browser sessions, even though they were on the Dashboard page and it was set to refresh each minute, still timed out. This occured on IE 8 and FF 11 on LInux
It did seem to take far longer (hours) than 10 minutes to time out, however. They seem to have timed out overnight.
04-04-2012 11:00 AM
It is possible that the browser itself is timing out. You may want to do a pcap and see which side (PA device ot browser) is really terminating the session.
Have you consider using SNMP or the API to retrieve the stats that you need? To me, it is a high security risk to leave the admin session active and accessible for extended period of time.
04-04-2012 03:59 PM
Regarding security risk...
Cant you limit an account to only view the dashboard (or similar) as a role?
04-24-2012 07:30 AM
KMacnaughton wrote:
rmonvon wrote:
Have you tried setting the idle timeout to 10 minutes while having the page refresh every minute please. Let us know if that works.
This did not work. The browser sessions, even though they were on the Dashboard page and it was set to refresh each minute, still timed out. This occured on IE 8 and FF 11 on LInux
It did seem to take far longer (hours) than 10 minutes to time out, however. They seem to have timed out overnight.
We upgraded to PAN-OS 4.1.5 last week and it seems to have corrected this part of the problem. With idle-timeout=10m and Dashboard-refresh=1m, sessions stay logged on.
I've not tested if idle-timeout=0 works, but as another user pointed out, that's not a preferred approach. We'd only tried =0 because the Dashboard-refresh wasn't keeping sessions alive.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
