How to Set Session, TCP, and UDP Timeout Values
Resolution
Overview
This document describes how to set and view session, TCP and UDP timeout settings from the PAN-OS web UI and CLI.
Details
To configure Session Timeouts:
- From the web UI, go to Device >Setup > Sessions > Session Timeouts.
PAN-OS 5.0, 6.0
PAN-OS 6.1
From the CLI, the timeout value can be changed with the following command which is not persistent with restart of the device:
> set session timeout-udp <1-15999999>
> set session timeout-tcp <1-15999999>
From the CLI, use the following commands in configure mode to make changes persistent with a device reboot:
For default session timeout setting
# set deviceconfig setting session timeout-default
<value> <1-15999999> set session default timeout value in seconds
For session timeout-tcp setting
# set deviceconfig setting session timeout-udp
<value> <1-15999999> set udp timeout value in seconds
For session timeout-udp setting
# set deviceconfig setting session timeout-tcp
<value> <1-15999999> set tcp timeout value in seconds
Perform a commit to save changes made to the configuration
# commit
After the commit operation is performed, the modified timeouts can be viewed through session information:
> show session info | match timeout
Session timeout
TCP default timeout: 3600 secs
TCP session timeout before SYN-ACK received: 5 secs
TCP session timeout before 3-way handshaking: 10 secs
TCP session timeout after FIN/RST: 30 secs
UDP default timeout: 30 secs
ICMP default timeout: 6 secs
other IP default timeout: 30 secs
Captive Portal session timeout: 30 secs
Session timeout in discard state:
TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs
owner: ppatel