Does PIX detect session termination ?

kevin · ‎02-18-2004

I've installed a PIX 515E DMZ with PIX OS 6.3 at a customer's site.

I've enabled RADIUS authentication for access via the internal

interface to the outside interface (Internet), this is done via

Microsoft Active directory and IAS (Microsoft's own RADIUS server)

the authentication works fine, and it allows access only once the

users authenticate. However the customer is used to logging on ever

time he has to use the Internet, thus once he closes the web browser

the firewall should log the user out and then once the user uses a

web browser again he has to log on. I know I can do this by reducing

the time out value to say 5 mins etc. But he wants it to recognize

it as session termination once the browser is closed

The question is can this be done on the pix, ie.. Detect session

termination and log the user off and request him to log back in

once he wants access.

K. Koelmeyer

Senior Systems Engineer

Kevin@kbsl.lk

dro · ‎02-18-2004

Hi Kevin, I don't believe this is possible. The PIX would have no way of knowing when the browser is closed. If there were a way to force a login after each session termination, the login box would show up multiple times on the same website as well as any new website the user surfs to (without closing the browser window).

Quite frequently, the browser will make multiple connections to the website while downloading images and content. Each connection would be new to the PIX, and so it would prompt for authentication.

I think your best bet is to just reduce the timeout.

Cheers,

-Joshua