Hi team like to know a change in the default values of two settings in the Agent > App configuration of the globalprotect portal. (Network > GlobalProtect > Portals > [portal-config] > Agent > [agent-config] > App)
The settings are "Portal Connection Timeout" and "TCP Connection Timeout". Right now we have those on the old default values (30 and 60), but the PA manual page says: "Starting with Content Release version 777-4484, the default is 5".
Source: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/network-globalprotect-portals/globalprotect-portals-agent-configuration-tab/globalprotect-portals-agent-app-tab.html
We couldn't find any documentation describing the changes in content release 777-4484, and we would like to know what the reason for this change is, mainly to reproduce it in our environment if it is a security issue.
Regards
I would think it's a DOS protection change. (For example SYN-flood) Leaving unattended connections open for 30 seconds seems long and unnecessary. Imagine if someone starts pushing thousands of connections on your portal every couple of ms, you'd be running out available sockets in no time.