Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IDM/CLI auto logout

I work on a system that requires management interfaces to logout a user if inactive for a period of time (10 minutes).

Is there any way to configure this for the 4215/4240 IDM &/or CLI interfaces?

7 REPLIES
Silver

Re: IDM/CLI auto logout

Use the ftp-timeout command in the service host submode to change the number of seconds that the FTP client waits before timing out when the sensor is communicating with an FTP server. The default is 300 seconds.

refer the following url for more info:

http://www.cisco.com/en/US/docs/security/ips/6.0/configuration/guide/cli/cliTasks.html#wpmkr1088220

Cisco Employee

Re: IDM/CLI auto logout

The ftp-timeout option only applies to a sensor connecting to an ftp server for an upgrade.

There is no timeout option to shutdown a cli session (through telnet, ssh, or console) that has been sitting idle.

New Member

Re: IDM/CLI auto logout

Thanks. This would be a nice feature to have for all access methods (telnet, ftp, ssh, IDM, IME, etc...)

Re: IDM/CLI auto logout

If its really important, and there is firewall between the management subnet and the IPS sensor, you could use the firewall to disconnect the management traffic destined to the IPS after 'x' amount of time.

Regards

Farrukh

Gold

Re: IDM/CLI auto logout

It would be nice, and is often required in any shop that has any defined security policy to have:

ssh/https session idle time out

RADIUS/TACACS AAA authentication

Account lockout after X bad passwords

Re: IDM/CLI auto logout

I totally agree, all these features are a must to apply a consistent security policy across all network elements (specially considering the IDS/IPS is a security device)

Regards

Farrukh

New Member

Re: IDM/CLI auto logout

A bug was entered against IDM in 5.0 and never acted upon for this very thing.

Thanks

Bob

446
Views
0
Helpful
7
Replies
CreatePlease to create content