VPN: Manually Disconnect a logged-in User
I would like to have an option on the Remote Access Status Page to throw out a logged-in user. In some cases it would be necessary to log out a user manually with the WebAdmin interface.
In ASG's "Remote Access VPN" tab, it shows the currently connected remote-access VPN users and their assigned RAS address. It would be useful to also show their actual public IP address, and have a "button" which will allow central disconnection of a specific remote-access VPN client.
Further, in the User definition, it would be useful to have a boolean flag for whether the user is "active" or "inactive" so that a user can be suspended from the system without having to delete that user profile.
Function to log out a User-VPN-Session from ASG
We often have to do this without cutting all users. This is a big problem for our company. It'll be very nice if this was possible from WebAdmin.
Ability to terminate an individual SSL VPN session via a disconnect button by the administrator.
This feature is completed as part of XG Firewall that has been released on November 9th 2015.
Is it released on XG yet?
And is it part of UTM 9.4?!?!
So I have a Sophos UTM 320; this feature will not be available?
I would like to have this feature added as well, please. Thank you!
Agreed. Please add this. It's very very necessary to disconnect a user manually from the UI.
We deploy static IPs to handle some legacy systems users access remotely. When users leave themselves logged in, they cannot connect from any other location because of the NAT rules. We need to be able to kick the sessions, please! This was basic in RRAS.
To identify the source IP, this worked for me:
1. Check Remote Access Online Users for VPN-pool IP assigned to user session you want to kill.
2. Search “IPsec VPN” log for that VPN-pool IP address, making sure you have found the currently-active one, and confirm its log entry has the correct username. This log entry will also list user’s source IP/srcip. Proceed with the kill as per my previous comment.
I'd appreciate any advice on this technique... from the command line, you can find currently active L2TP/IPsec sessions:
ps -ef | grep l2tp
If you can identify the source IP of the session you want to terminate, you can kill that session's associated PID.
I need this capability in case a user account needs to be terminated. If someone has just been fired, I do not want their VPN tunnel to stay up!
Just a guess. In V9.1 it is possible to configure more than one SSL remote access profile. Maybe you could just configure one profile per user and, if you have to disconnect a specific user, just deactivate his profile. This is just a guess; I haven't tried this.
I run into this frequently where I want to force just one logged-on user to disconnect. Sometimes I see one user with 2 IP addresses and one of them is the same as another user.
Bob Alfson commented
I've had two different accounts ask for this today!
Cheers - Bob
Today I needed it, but there was no way to manually disconnect a user.
We have run into an issue where our remote users will connect remotely, but will leave the connection active when they leave their house.
This can pose a security risk and we are unable to disconnect the user from within WebAdmin.
We need a way of disconnecting a user that is connected remotely without taking down the entire system.
Make it so for all remote VPN session types.
But I think Angelo should say something..!! Because in case of VPN we don't have so many options. Please reply...
Scott Klassen commented
Keeping hope alive. :)
Hi.. Angelo Comazzetto
Now we are using v8.103, and v8.165 under testing, but there is no option to manually disconnect.
Angelo, any updates on that? There is nothing on 8.001.
Corey Wheeler commented
I've come across the limitation many times over. There are users that never seem to log out, thereby taking up valuable system resources and bandwidth, not to mention the security risk of having a user logged in for days on end while they're on vacation. Other firewalls seem to offer this ability, but Astaro is my firewall of choice as opposed to a Cisco PIX or ASA. I want to be able to drop the connection or at the very least set limitations on session length or idle time.
Please, not only for SSL-VPN; it's a good thing to have on all remote access methods.