I was recently auditing our VPN users and doing some general cleanup and noticed some users had been logged on for over 3 days. Wanting to create a timeout of say 8 hours would help me in auditing these accounts. I found this article referencing a method but I do not see this at all in my interface.
https://www.watchguard.com/training/sslvpn/49/manage19.htm
Is there a way to accomplish a timeout on just VPN users? Preferably a prompt to log back in after X hours.
Model: M470
Are they users defined in Firebox-DB? If so, “Session Timeout”, under each user. I’m not sure if you can do it with external AD/LDAP user accounts.
Do you tunnel all their web traffic through the VPN? If so it might be better to leave it be. The only time my client AV/IPS gets hits are when users aren’t on the network or VPN’d.
Thanks for the info. I ended up finding the info shortly after my post. I used the Authentication Settings and session timeout (system manager UI). I was a little confused because with a DB user, I can set individual timeouts, but since I was using AD for authentication, you have to set it as a whole, it seems.
You can, under Authentication Settings. There’s a timeout for “3rd party auth servers”.
I do tunnel all their web traffic through the VPN. I didn’t want their home computer or work laptop to have a persistent VPN connection to my network. Despite what you hear about HVAC and security… the real threat is persistent VPNs in my opinion. I’ve seen it happen dozens of times where networks bridge through a user with connections to multiple networks. HVAC “hacks” are honestly just bad passwords on publicly/internally exposed IPs.