IDM/CLI auto logout

Unanswered Question
May 15th, 2008

I work on a system that requires management interfaces to logout a user if inactive for a period of time (10 minutes).

Is there any way to configure this for the 4215/4240 IDM &/or CLI interfaces?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
marcabal Wed, 05/21/2008 - 12:59

The ftp-timeout option only applies to a sensor connecting to an ftp server for an upgrade.

There is no timeout option to shutdown a cli session (through telnet, ssh, or console) that has been sitting idle.

joedansereau Mon, 06/02/2008 - 09:23

Thanks. This would be a nice feature to have for all access methods (telnet, ftp, ssh, IDM, IME, etc...)

Farrukh Haroon Mon, 06/02/2008 - 11:04

If its really important, and there is firewall between the management subnet and the IPS sensor, you could use the firewall to disconnect the management traffic destined to the IPS after 'x' amount of time.



rhermes Mon, 06/02/2008 - 11:14

It would be nice, and is often required in any shop that has any defined security policy to have:

ssh/https session idle time out

RADIUS/TACACS AAA authentication

Account lockout after X bad passwords

Farrukh Haroon Mon, 06/02/2008 - 11:35

I totally agree, all these features are a must to apply a consistent security policy across all network elements (specially considering the IDS/IPS is a security device)



rhoud Mon, 06/02/2008 - 11:48

A bug was entered against IDM in 5.0 and never acted upon for this very thing.




This Discussion