Question on Session End Reason being tcp-reuse
46814
Created On 03/11/19 15:37 PM - Last Modified 04/07/21 21:34 PM
Question
Why do sessions end with end reason of tcp-reuse?
Environment
- Palo Alto Firewall.
- PAN-OS 8.0 and above.
Answer
A session ends with the reason tcp-reuse when the session is reused and the firewall closes the previous session.
TCP-reuse involves the following:
- A TCP Time Wait timer [15 seconds] is triggered when the firewall receives the second FIN [graceful TCP termination] or an RST, which ideally means that the session is good for closing in 15 seconds.
- Within those 15 seconds, if the firewall receives a new SYN with the same TCP source port to the same destination [i.e., the session setup parameters stay the same], then PAN-OS ends the previous session with a session end reason of tcp-reuse and activates the new session using the previous session's information.
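The two steps above can be replayed as a small model, useful for checking whether a reconnect pattern seen in traffic logs would be expected to produce tcp-reuse. This is an added example, not PAN-OS code: the class, the function names, the sample flows and the "time-wait-expired" label are assumptions made for illustration, and only the 15-second timer and the tcp-reuse reason come from the article.

```python
TIME_WAIT = 15.0  # seconds: the Time Wait timer value given above

class ReuseModel:
    """Simplified model of the decision described above; not PAN-OS code."""

    def __init__(self):
        self.active = {}   # flow key -> {"fins": int, "wait_from": float or None}
        self.ended = []    # (flow key, end reason) in the order sessions closed

    def _end(self, key, reason):
        del self.active[key]
        self.ended.append((key, reason))

    def packet(self, t, key, flag):
        """t in seconds, key = (src, sport, dst, dport), flag = SYN, FIN or RST."""
        s = self.active.get(key)
        # Timer already ran out: the old session closed before this packet arrived.
        if s and s["wait_from"] is not None and t - s["wait_from"] >= TIME_WAIT:
            self._end(key, "time-wait-expired")  # placeholder label, not a PAN-OS value
            s = None
        if flag == "SYN":
            if s and s["wait_from"] is not None:
                # Same setup parameters seen again inside the Time Wait window.
                self._end(key, "tcp-reuse")
                s = None
            if s is None:
                self.active[key] = {"fins": 0, "wait_from": None}
        elif s and s["wait_from"] is None:
            if flag == "FIN":
                s["fins"] += 1
            if flag == "RST" or s["fins"] == 2:
                s["wait_from"] = t  # second FIN or an RST starts the timer

def replay(events):
    """Feed (time, key, flag) tuples to a fresh model and return ended sessions."""
    model = ReuseModel()
    for t, key, flag in events:
        model.packet(t, key, flag)
    return model.ended

# Constructed sample traffic using documentation addresses, not captured data.
A = ("192.0.2.10", 40000, "198.51.100.5", 443)
B = ("192.0.2.10", 40001, "198.51.100.5", 443)
EVENTS = [
    (0.0, A, "SYN"), (1.0, A, "FIN"), (1.1, A, "FIN"),  # graceful close at t=1.1
    (6.0, A, "SYN"),                                     # same source port 4.9 s later
    (0.0, B, "SYN"), (2.0, B, "RST"),                    # reset at t=2.0
    (20.0, B, "SYN"),                                    # same source port 18 s later
]
```

Calling `replay(EVENTS)` reports flow A as ended with tcp-reuse, while flow B, whose new SYN arrives after the timer has run out, is not a reuse case.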
PAN-OS doesn't have a specific option to override the behavior, but it has an option to alter the TCP timeout setting for individual applications.
The application settings can be changed after confirming "tcp-reuse" as the end reason. Refer to Tips & Tricks: Session Timeouts for details.