Palo Alto GlobalProtect Timeout Settings

Below are a couple of timeouts but Login Lifetime will disconnect your end users no matter what. If it’s set to 1 day, it will cut off the VPN connection when it reaches 1 day. Even if there’s activity. I only bring this up because you might get calls from users complaining that their VPN keeps kicking them out. End users will need to be educated on this and you will most likely have to work with other teams to set this to a timeout everyone is happy with. This all should be done before rolling it out.


Timeout Configuration
Login Lifetime
Specify the number of days, hours, or minutes allowed for a single gateway login session.
Inactivity Logout
Specify the amount of time (in minutes) after which an inactive session is automatically logged out (range is 5 to 43200 minutes; default is 180 minutes). Users are logged out of GlobalProtect if the GlobalProtect app has not routed traffic through the VPN tunnel or if the gateway does not receive a HIP check from the endpoint within the configured time period.