How to check the timeout and cookie settings in Palo Alto Network VPN?

    Log in to the Palo Alto server's command line interface (CLI) with administrator rights, then run the configure command to enter configuration mode.

    Checking the timeout settings

    Run the show shared server-profile radius command to check the RADIUS timeout settings. The following output appears:

    show shared server-profile radius
    radius {
      Radius profile name {
        protocol {
          CHAP;
        }
        server {
          <Given name of the radius server> {
            secret <hashed password>;
            port 1812;
            ip-address <radius server IP address>;
          }
        }
        timeout 60;
        retries 5;
      }
    }

    Run the show deviceconfig setting global-protect command to check the GlobalProtect connection timeout settings. The following output appears:

    show deviceconfig setting global-protect
    global-protect {
      timeout 65; 
    }

    Checking the cookie settings

    Run the show global-protect global-protect-portal <Global Protect portal name> client-config configs <Global Protect portal agent name> authentication-override command to check the GlobalProtect Portal cookie generation settings. The following output appears:

    show global-protect global-protect-portal <Global Protect portal name> client-config configs <Global Protect portal agent name> authentication-override
    authentication-override { 
      cookie-encrypt-decrypt-cert GP-Cert;
      generate-cookie yes;
    }

    Run the show global-protect global-protect-gateway <Global Protect gateway name> remote-user-tunnel-configs <Global Protect portal Agent Clients Configs name> authentication-override command to check the GlobalProtect Gateway cookie acceptance settings. The following output appears:

    show global-protect global-protect-gateway <Global Protect gateway name> remote-user-tunnel-configs <Global Protect portal Agent Clients Configs name> authentication-override
    authentication-override { 
      accept-cookie {
        cookie-lifetime {
          lifetime-in-hours 24;
        }
      }
      cookie-encrypt-decrypt-cert GP-Cert;
      generate-cookie no;
    }
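
An added example (not part of the original article or any Palo Alto tooling): a small Python parser for the brace-delimited output shown above, used to check that the portal that generates cookies and the gateway that accepts them reference the same certificate. The function names, the rule that the GlobalProtect timeout should exceed the RADIUS timeout, and the `max_cookie_hours` limit are assumptions made for illustration.

```python
def parse_panos(text):
    """Parse brace-delimited PAN-OS 'show' output into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("show "):  # blank line or echoed command
            continue
        if line.endswith("{"):                    # "name {" opens a nested block
            child = {}
            stack[-1][line[:-1].strip()] = child
            stack.append(child)
        elif line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        else:                                     # "key value;" leaf entry
            key, _, value = line.rstrip(";").partition(" ")
            stack[-1][key] = value.strip()
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return root

def audit(radius, gp, portal, gateway, max_cookie_hours=24):
    """Return findings; the timeout rule and max_cookie_hours are assumed policy."""
    findings = []
    gp_timeout = int(gp["global-protect"]["timeout"])
    for name, prof in radius["radius"].items():
        if int(prof["timeout"]) >= gp_timeout:
            findings.append(f"{name}: RADIUS timeout >= GlobalProtect timeout")
    p, g = portal["authentication-override"], gateway["authentication-override"]
    accept = g.get("accept-cookie")
    if p.get("generate-cookie") == "yes" and isinstance(accept, dict):
        # A cookie encrypted by the portal can only be decrypted with the same cert.
        if p.get("cookie-encrypt-decrypt-cert") != g.get("cookie-encrypt-decrypt-cert"):
            findings.append("portal and gateway cookie certificates differ")
        hours = accept.get("cookie-lifetime", {}).get("lifetime-in-hours")
        if hours is not None and int(hours) > max_cookie_hours:
            findings.append(f"cookie lifetime {hours}h exceeds {max_cookie_hours}h")
    return findings

# Constructed sample input using the values shown in the outputs above.
RADIUS = "radius {\n Radius profile name {\n timeout 60;\n retries 5;\n }\n}"
GP = "global-protect {\n timeout 65;\n}"
PORTAL = "authentication-override {\n cookie-encrypt-decrypt-cert GP-Cert;\n generate-cookie yes;\n}"
GATEWAY = ("authentication-override {\n accept-cookie {\n cookie-lifetime {\n"
           " lifetime-in-hours 24;\n }\n }\n cookie-encrypt-decrypt-cert GP-Cert;\n generate-cookie no;\n}")
if __name__ == "__main__":
    print(audit(*map(parse_panos, (RADIUS, GP, PORTAL, GATEWAY))) or "no findings")
```

Paste the real output of each show command into the four strings to run the same checks against a live configuration.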
    
    

    The following image shows an example of the CLI output: