Session timeout


L1 Bithead

Hi,

 

From reading this article below:

 

Connection Timeout Even When Heartbeat Packet Sent

https://live.paloaltonetworks.com/t5/Management-Articles/Connection-Timeout-Even-When-Heartbeat-Pack...

 

It says "The session timeout is set to 60 minutes"; what does this sentence mean? Which timer represents the session timeout value here (set to 60 minutes)?

 

It says "This means 16 heartbeat packets are required to reset the timeout value."

If the heartbeat interval is 3 minutes, 3x16 = 48 minutes, which is shorter than 60 minutes. Does it mean that it won't encounter this 60-minute session timeout?

 

What is the function of "session offload"?

4 REPLIES

Community Team Member

Hi,

 

Session timeout

  TCP default timeout:                           3600 secs

 

Also, this article explains offloading:

https://live.paloaltonetworks.com/t5/Management-Articles/Why-and-When-are-Sessions-Offloaded/ta-p/61...

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hi Kim,

 

Session timeout

  TCP default timeout:                           3600 secs

 

Regarding the function of this timer: does it mean that if the TCP session has no activity or no new packets exchanged within these 3600 seconds (1 hour), then the TCP session will be dropped (TCP aged-out)?

But if there are heartbeat packets being exchanged within this 1 hour, why could this TCP default timeout still take effect after 1 hour? Or can heartbeat messages not be counted as monitored packets here?

Good question. I want to hear the reply as well.

Community Team Member

That is correct.

 

For offloaded TCP sessions the following rules apply:

 

# TCP session, 16 packets per flow (i.e. 32 packets per session, bi-directional) are needed to refresh the session TTL timer. This is a performance consideration.

 

In addition to the workarounds mentioned in the first article you posted, you could also disable offloading. Note that this approach can have a noticeable impact on the CPU and is not recommended.

 

-Kim.

 

 
