global protect timeout increase through Panorama CLI

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

global protect timeout increase through Panorama CLI

L3 Networker

We are managing the firewall through Panorama. We want to increase the global protect timeout as mentioned in below article.

https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000PNma

Can we make the changes directly through local firewall CLI ?

 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Thank you for response @Deepak25

 

I see, I think I misunderstood when I was replying you.

 

To change that value via Panorama, you can use below command:

 

set template <name of the template> config deviceconfig setting global-protect timeout <time out value>

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

Thank you for the post @Deepak25

 

If current Global Protect configuration is pushed by Template you will not be able to make this change locally on Firewall unless you override it: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cld5CAC

 

I would suggest to run this with override: override deviceconfig setting global-protect timeout <Timeout value>

 

Then you should be able to commit it locally on Firewall.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L3 Networker

Overriding template for small change is not looks proper. What is the command to increase timeout via panorama?

Cyber Elite
Cyber Elite

Thank you for response @Deepak25

 

I see, I think I misunderstood when I was replying you.

 

To change that value via Panorama, you can use below command:

 

set template <name of the template> config deviceconfig setting global-protect timeout <time out value>

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L3 Networker

@PavelKI have set GP auth timeout via panorama by running command : set template <name of the template> config deviceconfig setting global-protect timeout <time out value>

But when I check #show deviceconfig setting global-protect in firewall CLI , changed value is not showing.

Same command if try in Panorama , I can see the changed value.

Is it expected ?

Cyber Elite
Cyber Elite

Thank you for reply @Deepak25

 

This is not expected. Could you please make sure that Template you made a change to is bound to the Template Stack where the target Firewall you want to make change is associated to? Also, could you confirm by going to: Panorama > Managed Devices > Summary > [Navigate to target Firewall] > Check status of: "Template Last Commit State" to make sure this has been pushed without any error.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Running the command on firewall resolved the issue. I can see increased timeout value on firewall and radius authentication going to secondary radius server when primary radius server is unreachable.

  • 1 accepted solution
  • 4001 Views
  • 6 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!