"Disconnect on ideal" not working - Global protect

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L3 Networker

"Disconnect on ideal" not working - Global protect

We have set Disconnect on ideal for 20 min and we have tried to log off from the PC and login after 20 mins and GP is still connected,what could be the issue.

 

Inactivity logout seems to work after 2 hours

 

Palo version 8.1.13

GP- 5.1.1

 

Timeout Settings.png

Highlighted
Cyber Elite

Hello,

There is something that could be sending traffic over the VPN. Outlook and email programs are the usual culprit since they are always checking and sending traffic. Make sure there is nothing running that can send traffic or looking to update, i.e. Windows Update?

 

Hope that helps.

Highlighted
Cyber Elite

Lets see what is causing this?

MP
Highlighted
L3 Networker

@MP18 @OtakarKlier 

 


Hi.  We have done some troubleshooting on our end host PC and have found some TCP sessions that are continuously being created by our system and therefore sending traffic over the VPN Tunnel and keeping it alive.

 
The TCP sessions are created, and then they time out.  Then another TCP session is established and also times out.   We are not initiating this traffic and there are no other active processes that are trying to send traffic over the VPN.

Could you please see the attached screen shots and tell us how we can change this behavior so that we can effectively test the idle timeout settings on our Palo.  If you require any other information, please let us know.  Thanks
 
Also what exactly is the difference between Inactivity Logout and Disconnect on Idle?? Seem to be same 
 
 
04. Global Protect Unknown TCP - Stale3 (1).PNG08. Global Protect Unknown TCP - Stale5 (1).PNG01. Global Protect Unknown TCP.PNG
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!