topic Re: loug user out by himself in Network Security

loug user out by himself

bastos — Thu, 02 Feb 2023 15:43:23 GMT

When we use the captive portal to log users in to access the Internet (firepower 2120 with FTD - OS 7.0.5 ), can the user log out by himself on your worksation? How? By url?

Re: loug user out by himself

Divya Jain — Mon, 13 Feb 2023 18:07:51 GMT

Hello,
Please refer to this link. You can an option to configure timeout vlaues for captive portal.
https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/create_and_manage_realms.html?bookSearch=true#task_F9ED2AF84F604438ACDC2124237DC518

for user to logout :

The only way to be sure a user logs out is to close and reopen the browser. Unless that happens, in some cases, the user can log out of captive portal and be able to access the network without authenticating again using the same browser.

Ref link :
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/control_users_with_captive_portal.html?bookSearch=true

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

Regards,
Divya Jain

Re: loug user out by himself

bastos — Tue, 14 Feb 2023 14:03:49 GMT

Thank's Divya Jain for your help, but let me explain better my issue.
In our network, we have shared workstations, where users access internet for 5-10 minutes only, and we have dedicate workstations (only one user for that workstaion). We configure 120 minutes to time out authentication. We are using openLdap to authenticate users. We need a way to user "click" on a button, or access some URL, and log out his session when he is using a shared workstation.

Re: loug user out by himself

Divya Jain — Tue, 28 Feb 2023 17:44:57 GMT

Hello,
Does closing the browser not helped in your scenraio? As in if the user closes browser on shared workstation, it should help.

Regards,
Divya Jain

Re: loug user out by himself

bastos — Tue, 28 Feb 2023 20:53:32 GMT

Hello, unfortunately not, the user will logout only after the time expires, in our case, only after 120 minutes.

Re: loug user out by himself

Divya Jain — Tue, 07 Mar 2023 07:27:08 GMT

Hello,
As per the guide this is what it says :

The only way to be sure a user logs out is to close and reopen the browser. Unless that happens, in some cases, the user can log out of captive portal and be able to access the network without authenticating again using the same browser.

Ref link : https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/control_users_with_captive_portal.html

If its not working as per that design, maybe see if you can make use of VPN client some way? or else maybe you can get it checked with TAC.

Regards,
Divya Jain