User logout URL ?

I' m not getting you so i cant say anything ..... Write it in a way that is easy to understand. CLI or GUI ? Staff / Student admin profiles ?

Is there a URL that allows user to logout of the firewall?

Short answer: no. I am assuming you are using the web-based login window for your Macs. Longer answer: You can fudge things by using

config global auth-keepalive enable

This will create an additional browser window when you login that will keep the connection alive as long as the browser is up. On that page, there is a button that can forcibly end the authentication session. I played with it early on but decided it was not worth the trouble for my particular setup. Instead, I opted for shorter timeouts with the assumption that most stations would be idle for at least 5-10 minutes before another user tried using one. If you wanted to try to hack something, it might be possible to create a script that could be uploaded to the firewall to periodically kill the connections on a set of machines with known IPs. Some of the other admins here might be able to comment on that approach.

Strange that nobody else chipped in... Yes, I implemented config global auth-keepalive enable which would be perfect if the window did not have to stay open I might consider shorter timeouts Seb

Maybe have a look at

 config user setting     set auth-timeout <minutes>     set auth-timeout-type {idle-timeout|hard-timeout|new-session}

These were introduced in 4.3.6, see RN or " What' s New in MR3 patch 6" .