01-03-2022 05:25 AM
We are managing the firewall through Panorama. We want to increase the global protect timeout as mentioned in below article.
https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000PNma
Can we make the changes directly through local firewall CLI ?
01-06-2022 01:35 AM
Thank you for response @Deepak25
I see, I think I misunderstood when I was replying you.
To change that value via Panorama, you can use below command:
set template <name of the template> config deviceconfig setting global-protect timeout <time out value>
Kind Regards
Pavel
01-03-2022 04:00 PM
Thank you for the post @Deepak25
If current Global Protect configuration is pushed by Template you will not be able to make this change locally on Firewall unless you override it: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cld5CAC
I would suggest to run this with override: override deviceconfig setting global-protect timeout <Timeout value>
Then you should be able to commit it locally on Firewall.
Kind Regards
Pavel
01-06-2022 12:38 AM
Overriding template for small change is not looks proper. What is the command to increase timeout via panorama?
01-06-2022 01:35 AM
Thank you for response @Deepak25
I see, I think I misunderstood when I was replying you.
To change that value via Panorama, you can use below command:
set template <name of the template> config deviceconfig setting global-protect timeout <time out value>
Kind Regards
Pavel
01-07-2022 01:38 PM
@PavelKI have set GP auth timeout via panorama by running command : set template <name of the template> config deviceconfig setting global-protect timeout <time out value>
But when I check #show deviceconfig setting global-protect in firewall CLI , changed value is not showing.
Same command if try in Panorama , I can see the changed value.
Is it expected ?
01-07-2022 02:56 PM
Thank you for reply @Deepak25
This is not expected. Could you please make sure that Template you made a change to is bound to the Template Stack where the target Firewall you want to make change is associated to? Also, could you confirm by going to: Panorama > Managed Devices > Summary > [Navigate to target Firewall] > Check status of: "Template Last Commit State" to make sure this has been pushed without any error.
Kind Regards
Pavel
01-10-2022 09:05 AM
Running the command on firewall resolved the issue. I can see increased timeout value on firewall and radius authentication going to secondary radius server when primary radius server is unreachable.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
