scheduled policies to affect existing sessions

Reply
Highlighted
L3 Networker

scheduled policies to affect existing sessions

Dear community,

 

I configured schedule on policies and it seems that as per design the existing sessions are not affected by the schedule:
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/objects/objects-schedules.htm... 

 

Meaning that if a session was created before the schedule, the traffic will not hit the scheduled policy unless sessions are cleared.

 

Do you know if there´s any way to try to make the existing policies to be affected by the shedule without needing for example to clear the sessions with a script?

 

Thank you in advance!

Highlighted
Cyber Elite

@Carracido,

There's really no way to do what you are looking. If session rematch is enabled and a commit is done the rulebase would be re-analyzed, but that's more work then simply scripting clearing the sessions and could have unintended consequences if someone was working on the GUI/CLI and was in the middle of a change that wasn't ready to be committed. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!