Is it possible to force a timeout for SSL VPN that’s using external auth? Even if just a static period rather than inactivity. We pass all traffic so inactivity wouldn’t necessarily happen.
I’ve seen plenty of posts about it being possible with Firebox-DB users, and hints that it might be doable with external auth but nothing definitive. We also have AuthPoint as our primary auth source. If not possible with SSL VPN directly, is there anything with AuthPoint to terminate a user after a specified time?
sorry to revive a zombie post, but does this work for AuthPoint authenticated sessions? I ask because I have a couple of salesmen who remotely access one of our internal inventory systems through a vpn connection, and they are horrible about remembering to disconnect their sessions through the vpn on their phone when they aren’t actively using them, and it causes a lot of failed login push attempts to show up in our logs. It makes it hard for me to be able to quickly see if someone is trying to brute force a connection to gain access to our corporate network.
Yes, this is possible in Policy Manager under: Setup > Authentication > Authentication Settings > Session timeout.
This is for all third party authentication.
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/authentication/global\_auth\_settings\_c.html
I’ve had to resort to a scheduled script to kill the connection at a certain point. I’ve never been able to get any of the builtin timeout settings to do anything for any external auth.
Thank You, I forgot to review comments on this post. I am investigating this now to see if the session timeout and idle timeouts can stop the constant failed logins due to the push notification not being accepted by the problem user.
I have at one point written up documentation with pictures written on a 6th grade reading level on how to properly use a mobile vpn connection and threatened to start locking out user accounts and wait until they complain then send them the link to view the documentation in our office 365 sharepoint and do a quiz before I enable the account again. It’s just really irritating when you go to review your daily reports and weekly reports from arctic wolf and you see dozens of failed logins from the same user account with the reason being listed as failed push notification for why the connection failed.