Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
User logout URL ?
I have authentication set to 40 min
My Staff/Students mix machines, so it happens often that staff will be using workstation that is still logged to firewall (firewall authentication on Macs) as student (hence having student restrictions applied)
Is there a URL that allows user to logout off the firewall?
Of course I can do it from ADMIN web GUI, but that is not the point
I need self-service for a user to be able to log off him/her self
Seb
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m not getting you so i cant say anything ..... Write it in a way that is easy to understand.
CLI or GUI ?
Staff / Student admin profiles ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there a URL that allows user to logout of the firewall?Short answer: no. I am assuming you are using the web-based login window for your Macs. Longer answer: You can fudge things by using
config global auth-keepalive enableThis will create an additional browser window when you login that will keep the connection alive as long as the browser is up. On that page, there is a button that can forcibly end the authentication session. I played with it early on but decided it was not worth the trouble for my particular setup. Instead, I opted for shorter timeouts with the assumption that most stations would be idle for at least 5-10 minutes before another user tried using one. If you wanted to try to hack something, it might be possible to create a script that could be uploaded to the firewall to periodically kill the connections on a set of machines with known IPs. Some of the other admins here might be able to comment on that approach.
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Strange that nobody else chipped in...
Yes, I implemented
config global auth-keepalive enable
which would be perfect if the window did not have to stay open
I might consider shorter timeouts
Seb
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe have a look at
config user setting set auth-timeout <minutes> set auth-timeout-type {idle-timeout|hard-timeout|new-session}These were introduced in 4.3.6, see RN or " What' s New in MR3 patch 6" .
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
