Palo Alto Networks Knowledgebase: How Session Rematch Works

How Session Rematch Works

Created On 09/25/18 19:21 PM - Last Updated 09/25/18 23:10 PM
Policy
Resolution

Overview

This document describes how session rematch works on a Palo Alto Networks firewall.

Details

When a change is made to a security policy and a commit is performed, a firewall with session rematch enabled goes through all existing sessions and applies the new security policy to any matching traffic.

In the WebGUI, go to Device > Setup > Session. The Rematch Sessions setting is found on this page:

Screen Shot 2013-03-11 at 10.47.28 AM.png

Note: Rematch Sessions is enabled by default for PAN-OS 5.0 and above.

Example

The following example illustrates the behavior when Rematch Sessions is enabled.

Shown below is the original Security Policy:

Capture4.JPG

The original session is shown below:

Capture5.JPG

Capture7.JPG

Shown below is the Security Policy after the change:

Capture8.JPG

The session after a policy change and commit:

Capture10.JPG

Capture11.JPG

Notice that as soon as the commit took place, the session was rematched to the new policy and changed from the active state to the discard state.
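The behavior in the example above can be sketched as a simplified model. This is an added illustration, not Palo Alto Networks code: the rule and session fields, the zone names and the `ssh` application are constructed assumptions. It also shows the contrasting case with Rematch Sessions disabled, where the existing session keeps the verdict it was created with.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # hypothetical, reduced security rule
    name: str
    src_zone: str
    dst_zone: str
    app: str                     # "any" matches every application
    action: str                  # "allow" or "deny"

@dataclass
class Session:                   # hypothetical, reduced session table entry
    sid: int
    src_zone: str
    dst_zone: str
    app: str
    rule: str = ""
    state: str = "ACTIVE"

def lookup(rules, s):
    """First-match, top-down evaluation; None models the implicit deny."""
    for r in rules:
        if (r.src_zone, r.dst_zone) == (s.src_zone, s.dst_zone) and r.app in ("any", s.app):
            return r
    return None

def commit(rules, sessions, rematch=True):
    """Install a new rulebase; with rematch on, re-evaluate existing sessions."""
    if not rematch:
        return sessions          # existing sessions keep their original verdict
    for s in sessions:
        r = lookup(rules, s)
        s.rule = r.name if r else "implicit-deny"
        if r is None or r.action != "allow":
            s.state = "DISCARD"  # session no longer permitted by the new policy
    return sessions

def demo(rematch):
    # Constructed sample policy and session, not taken from the screenshots.
    original = [Rule("rule1", "trust", "untrust", "ssh", "allow")]
    changed = [Rule("rule1", "trust", "untrust", "ssh", "deny")]
    table = [Session(1, "trust", "untrust", "ssh")]
    commit(original, table)          # session established under the original policy
    commit(changed, table, rematch)  # policy change followed by a commit
    return table[0].state

if __name__ == "__main__":
    print("rematch enabled: ", demo(True))
    print("rematch disabled:", demo(False))
```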

owner: mbutt


