Specify the number of days, hours, or minutes
allowed for a single gateway login session.
Specify the amount of time (in minutes) after which an inactive session is automatically logged
out (range is 5 to 43200 minutes; default is 180 minutes). Users are
logged out of GlobalProtect if the GlobalProtect app has not routed
traffic through the VPN tunnel or if the gateway does not receive a
HIP check from the endpoint within the configured time period.
Cookie Usage Restrictions
Disable Automatic Restoration
of SSL VPN
Enable this option to prevent
automatic restoration of SSL VPN tunnels.
you enable this option, GlobalProtect will not support Resilient
Restrict Authentication Cookie Usage (for
Automatic Restoration of VPN tunnel or Authentication Override)
Enable this option to restrict authentication
cookie usage based on one of the following conditions:
original Source IP for which the authentication cookie was issued
authentication cookie usage to endpoints with the same public source
IP address of the endpoint to which the cookie was originally issued.
The original Source IP network range
cookie usage to endpoints with public source IP addresses within
the designated network IP address range. Enter a
to specify a range of IPv4 addresses or
Source IPv6 Netmask
to specify a
range of IPv6 addresses.
If you set either netmask to
this option is disabled for the specified IP address type. For example, you
can set a netmask to
if your portal or
gateway supports only one IP address type (IPv4 or IPv6) or if you
want to enable this option for only one IP address type (when your
portal or gateway supports both IPv4 and IPv6). You can set only
one netmask to
in a given gateway configuration;
you cannot simultaneously set both netmasks to
you accept the default
Source IPv4 Netmask
, authentication cookie usage is restricted
to the same public IPv4 address of the endpoint to which the cookie
was originally issued. If you accept the default
cookie usage is restricted to the same public IPv6 address of the
endpoint to which the cookie was originally issued.