The firewall applies a Captive Portal session timeout that
defines how long end users can take to respond to the authentication
challenge in a Captive Portal web form. The web form displays when
users request services or applications that match an Authentication
policy rule. The session timeout is 30 seconds by default (range
is 1 to 1,599,999). It must be the same as or greater than the PAN-OS
web server timeout.
Modify
the Captive Portal Session Timeout if necessary. Keep in
mind that increasing the PAN-OS web server and Captive Portal session
timeouts might degrade the performance of the firewall or cause
it to drop authentication requests.