https://community.cisco.com/t5/network-security/does-pix-detect-session-termination/m-p/289017#M568561 <P>I've installed a PIX 515E DMZ with PIX OS 6.3 at a customer's site. </P><P>I've enabled RADIUS authentication for access via the internal </P><P>interface to the outside interface (Internet), this is done via </P><P>Microsoft Active directory and IAS (Microsoft's own RADIUS server) </P><P>the authentication works fine, and it allows access only once the </P><P>users authenticate. However the customer is used to logging on ever </P><P>time he has to use the Internet, thus once he closes the web browser </P><P>the firewall should log the user out and then once the user uses a </P><P>web browser again he has to log on. I know I can do this by reducing </P><P>the time out value to say 5 mins etc. But he wants it to recognize </P><P>it as session termination once the browser is closed </P><P></P><P>The question is can this be done on the pix, ie.. Detect session </P><P>termination and log the user off and request him to log back in </P><P>once he wants access. </P><P></P><P>K. Koelmeyer</P><P>Senior Systems Engineer</P><P><A href="mailto:Kevin@kbsl.lk" target="_blank">Kevin@kbsl.lk</A></P><P></P> Fri, 21 Feb 2020 07:15:04 GMT kevin 2020-02-21T07:15:04Z https://community.cisco.com/t5/network-security/does-pix-detect-session-termination/m-p/289017#M568561 <P>I've installed a PIX 515E DMZ with PIX OS 6.3 at a customer's site. </P><P>I've enabled RADIUS authentication for access via the internal </P><P>interface to the outside interface (Internet), this is done via </P><P>Microsoft Active directory and IAS (Microsoft's own RADIUS server) </P><P>the authentication works fine, and it allows access only once the </P><P>users authenticate. However the customer is used to logging on ever </P><P>time he has to use the Internet, thus once he closes the web browser </P><P>the firewall should log the user out and then once the user uses a </P><P>web browser again he has to log on. I know I can do this by reducing </P><P>the time out value to say 5 mins etc. But he wants it to recognize </P><P>it as session termination once the browser is closed </P><P></P><P>The question is can this be done on the pix, ie.. Detect session </P><P>termination and log the user off and request him to log back in </P><P>once he wants access. </P><P></P><P>K. Koelmeyer</P><P>Senior Systems Engineer</P><P><A href="mailto:Kevin@kbsl.lk" target="_blank">Kevin@kbsl.lk</A></P><P></P> Fri, 21 Feb 2020 07:15:04 GMT https://community.cisco.com/t5/network-security/does-pix-detect-session-termination/m-p/289017#M568561 kevin 2020-02-21T07:15:04Z https://community.cisco.com/t5/network-security/does-pix-detect-session-termination/m-p/289018#M568573 <HTML><HEAD></HEAD><BODY><P>Hi Kevin, I don't believe this is possible. The PIX would have no way of knowing when the browser is closed. If there were a way to force a login after each session termination, the login box would show up multiple times on the same website as well as any new website the user surfs to (without closing the browser window).</P><P></P><P>Quite frequently, the browser will make multiple connections to the website while downloading images and content. Each connection would be new to the PIX, and so it would prompt for authentication.</P><P></P><P>I think your best bet is to just reduce the timeout.</P><P></P><P></P><P>Cheers,</P><P>-Joshua</P></BODY></HTML> Wed, 18 Feb 2004 14:03:29 GMT https://community.cisco.com/t5/network-security/does-pix-detect-session-termination/m-p/289018#M568573 dro 2004-02-18T14:03:29Z