Log out SASE without any alert


L1 Bithead

My company has just introduced Prisma Access (SASE) this year.

With increasing telecommuting and business trips, the concept of SASE is great and fits our requirement that everyone can always use an external network like an internal network.

 

By the way, there is a very weird constraint on the GlobalProtect agent, which should ensure network availability at all times based on the SASE concept.

The maximum login lifetime is 365 days, which means that everyone who is working using GlobalProtect suddenly loses their network service without any prior notice after 1 year.

 

In the SASE concept, the VPN is not for temporary internal network use, but is the main business network.

Why is there no selection for Permanent in the lifetime configuration?

 

How do I explain this matter to my employees?

 

"After 1 year since GlobalProtect login, your network will suddenly be cut off. So, don't do any important work at this time or please use annual leave."

 

In add

I already know that maintaining a cookie permanently is a security risk.

But it is also a problem that the connection would be broken.

The SASE concept means it provides the whole security environment set by the company's policy.

But if the SASE connection is broken, we can't maintain our policy.

Because users will not log in to SASE, because it controls their device.

Then it may cause a security accident like a security leak. (They can also access malware websites.)

It would be a risk.

 

 

Does this make sense??????????

2 REPLIES

L3 Networker

Using a cookie without an expiration is a security risk. To allow devices to connect seamlessly without depending on the cookie authentication lifetime, it is better to use certificates (machine/user). It is also a best practice.


Thanks for your comment. Using a certificate is just one of the options we can choose.

When we talk about security or security risk, it should be after availability is secured in advance.

In the case of Prisma, there is no control function against unspecified network cut-off!!!!!!
