SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  User Login Timeouts

    Posted 01-20-2010 11:52

    Hi All,

     

         Is there a way for users to timeout if they dont log out of the SRX?  I notice that each time I enter edit mode I see hte following

     

    admin@FW> edit
    Entering configuration mode
    Users currently editing the configuration:
      root terminal u0 (pid 1079) on since 2010-01-07 13:27:31 EST, idle 1w5d 19:58
          [edit security policies from-zone untrust to-zone trust policy Obelix...

    [edit]
    admin@FW#

     

    That user was me a week ago, I simple closed telnet withough loggin out.  Now that session seems stuck there.  Is there a way to just kill the session?

     

    Thanks

     



  • 2.  RE: User Login Timeouts

    Posted 01-20-2010 12:45

    From operational-mode you can do 'set cli idle-timeout x' where x equals a number of minutes.  Although I believe this value will get flushed between logins.

     

    Alternatively, you could assign an idle-timeout to the class the user account is linked to.  For example:

     

    root@jncie-lab# set login user test class engineering

    [edit system]
    root@jncie-lab# set login class engineer idle-timeout 5

     

    You can confirm this value after logging back in by doing 'show cli authorization' from operational-mode.

     

    HTHs.



  • 3.  RE: User Login Timeouts
    Best Answer

    Posted 01-21-2010 04:03

    You can perform logout of other sessions using "request system logout ..." or by killing any open cli processes on the BSD shell (list them with "ps -aux | grep cli" and kill them by using "kill pid").