Software Support: Starting with GlobalProtect™
app 6.0 and running PAN-OS 10.1.0 release
You can now enforce
a security policy rule to track traffic from endpoints while end
users are connected to GlobalProtect and to quickly log out inactive
GlobalProtect sessions. You can now enforce a shorter inactivity
logout period. If a GlobalProtect session remains inactive during
the configured time period, the session is automatically logged
out and the VPN tunnel is terminated. By enforcing a security policy,
you can quickly gain visibility into active user sessions, and better
utilize the gateway resources so that the tunnel IP address and
memory assigned to sessions are quickly available for reuse. When
you configure an internal gateway in non-tunnel mode, GlobalProtect
will continue to enforce the Inactivity Logout based
on several missing HIP reports because the gateway may not be in
accordance with identifying active traffic per user session.