SSL VPN timeout
Hello, We have a M390 on 12.11. I'm wondering if there is a way to set a timeout limit for SSLVPN user? We authenticate users via AD and would like to have them automatically disconnected after 10 hours. Is that possible on a Watchguard? We were able to do this on the old Ciscos we were using. Thank you
0
Sign In to comment.
Comments
Hi @jem4170
The most effective way I've found to do this is to set the "Renegotiate Data Channel" to 600 minutes (which is 10 hours.)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mvpn_ssl_c.html#Advanced
If you have "Auto Reconnect after a connection is lost," make sure to enable the option to "force users to reauthenticate," which will fail if the workstation is just idle.
Modern OSes are generally too chatty (especially with full/forced tunnels) for an idle timeout to be effective.
-James Carson
WatchGuard Customer Support