08-30-2021 06:59 PM
My company has just introduced Prisma Access (SASE) this year.
With telecommuting and business trips increasing, the concept of SASE is great and fits our requirement that everyone can always use an external network like an internal network.
By the way, there is a very weird constraint on the GlobalProtect agent, which should ensure network availability at all times based on the SASE concept.
The maximum login lifetime is 365 days, which means that everyone who is working using GlobalProtect suddenly loses their network service without any prior notice after 1 year.
The meaning of VPN in the SASE concept is not temporary internal network use, but a main business-purpose network.
Why is there no selection for Permanent in the lifetime configuration?
How do I explain this matter to my employees?
"After 1 year since GlobalProtect login, your network will be suddenly cut off. So, don't do any important work at this time, or please use annual leave."
In add
I already know that maintaining a cookie permanently is a security risk.
But it also has a problem: the connection would be broken.
The SASE concept means it provides the whole security environment that was set by the company's policy.
But if the SASE connection is broken, we can't maintain our policy.
Because users will not log in to SASE, because it controls their device.
Then it may cause a security accident like a security leak. (They can also access malware websites.)
It would be a risk.
Does this make sense??????????
08-31-2021 12:28 PM - edited 08-31-2021 12:30 PM
Using a cookie without an expiration is a security risk. To allow devices to connect seamlessly without depending on the cookie authentication lifetime, it is better to use certificates (machine/user). It is also a best practice.
08-31-2021 05:03 PM
Thanks for your comment. Using a certificate is just one of the options we can choose.
When we talk about security or security risk, it should be after availability is secured in advance.
In the case of Prisma, there is no control function against unspecified network cut-off!!!!!!