Details
Set the Idle Timeout value for device management to 10 minutes or less to automatically close inactive sessions.
Rationale:
An unattended computer with an open administrative session to the device could allow an unauthorized user access to the firewall’s management interface.
Solution
Navigate to Device > Setup > Management > Authentication Settings.
Set Idle Timeout to less than or equal to 10.
or
To remediate this setting, execute the following CLI command:
[email protected]#set deviceconfig setting management idle-timeout
Default Value:
Not configured
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Palo_Alto.