Session timeout

Hi All,

I want to ask about the session timeout setting in Palo Alto.

If we create a policy to allow traffic from trust to untrust with service http (custom http port 80):

1. What is the default session timeout for http traffic?

From my testing it will hit the web-browsing application even though I created the policy using service instead of application.

2. Is this correct behavior?

3. From the web-browsing application I can see the 3 session timeout settings for this web-application:

     Session timeout (second): 30

     TCP timeout (second): 3600

     UDP timeout (second): 30

And then from the help guide:

Timeouts:

Enter the number of seconds before an idle application flow is terminated (range 0-604800). A zero indicates that the default timeout will be used. This value is used for protocols other than TCP and UDP in all cases and for TCP and UDP timeouts when the TCP timeout and UDP timeout are not specified.

My question is: which session timeout does the firewall use, 30 or 3600? From my testing it uses 30, but from the description the session timeout will be used if the TCP session timeout and UDP timeout are not specified, so why do I see the timeout value of 30 seconds?

Thanks in advance

Accepted Solutions

L5 Sessionator

Hello,

These documents will answer your question about the timeout values:

https://live.paloaltonetworks.com/docs/DOC-2364

https://live.paloaltonetworks.com/docs/DOC-1581

Thanks,

Sri

2 REPLIES

L6 Presenter

Hi,

"1. What is the default session timeout for http traffic?

From my testing it will hit the web-browsing application even though I created the policy using service instead of application."

Yes, irrespective of what service you select, Palo Alto will still identify the application, and in this case it is web-browsing. The default timeouts for web-browsing are:

     Session timeout (second): 30

     TCP timeout (second): 3600

     UDP timeout (second): 30

"My question is: which session timeout does the firewall use, 30 or 3600? From my testing it uses 30, but from the description the session timeout will be used if the TCP session timeout and UDP timeout are not specified, so why do I see the timeout value of 30 seconds?"

TCP web-browsing sessions will have a timeout of 3600 seconds. You might see a timeout value of 30 seconds for these TCP sessions when the web server sends a FIN due to inactivity of the user. So initially, when you open a website and check the TCP sessions immediately on the firewall, you will observe the timeout as 3600 seconds. After a few seconds of inactivity on the website the web server can send a FIN, and at this point the TCP session's timeout will change from 3600 to a value of 30 seconds. You might be looking at this behavior. You can also see a timeout of 30 seconds if you close the browser, in which case the web browser (client) is sending the FIN this time.

