Session length calculation - PaloAlto

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Session length calculation - PaloAlto

L1 Bithead

Hello,

 

does anybody know, how exactly the Session length for a session is calculated in PAN-OS?
Is it depended on the system time?
--> Would my TTL decrease if the system time changes and therefore reset my TCP session if the threshold of the TTL is reached (Or aged-out with UDP)?

Regards,

Eric

7 REPLIES 7

Cyber Elite
Cyber Elite

@EMIND,

I'm not positive on this, but I'm assuming that the TTL is actually handled on Epoch time like most session related networking hardware.

L1 Bithead

@EMIND wrote:

Hello,

 

does anybody know, how exactly the Session length for a session is calculated in PAN-OS?
Is it depended on the system time? 
--> Would my TTL decrease if the system time changes and therefore reset my TCP session if the threshold of the TTL is reached (Or aged-out with UDP)?

Regards,

Eric


Select Rematch all sessions on config policy change to apply newly configured Security policy rules to sessions that are already in progress. This capability is enabled by default. If you clear this check box, any policy rule changes you make apply only to sessions initiated after you commit the policy change.

L6 Presenter

The bot accounts in the PA forums are really getting out of control. New user "Kuhic567":

- account created 2022-02-14

- 02-15 makes reply post on 2 month old thread that is direct quote from a third party article searched by keyword

- 02-15 makes reply post that is direct quote from Cisco forum

- 02-25 makes giberish reply post

 

$10 says that tomorrow morning the new account edits the above post to include a spam/phishing link.

L1 Bithead

I researched the toppic a little bit further.
Some vendors implemented a function to mitigate a session timeout problem.
They implemented some sort of dif. time value to the Epoch time after a big time change.
I wasn't able to find any documentations from palo if this feature is present in PAN-OS.
(@Adrian: You lost 10 bucks 😄

L6 Presenter

@EMIND So it seems, for the moment... But if some other threads are an indication, where most of the replies are bots, I don't think I will have to what long to make up the loss.

L6 Presenter

@EMIND I win my $10 bet... Bot account edited previous reply to include spam link "MiBridges Login" pointing to www(.)mibridges(.)me 

L7 Applicator

Sorry about  Kuhic567, he has been banned.. 

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!
  • 4346 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!