cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
522
Views
0
Helpful
5
Replies

loug user out by himself

bastos
Level 1
Level 1

When we use the captive portal to log users in to access the Internet (firepower 2120 with FTD - OS 7.0.5 ), can the user log out by himself on your worksation? How? By url?

5 Replies 5

Divya Jain
Cisco Employee
Cisco Employee

Hello,
Please refer to this link. You can an option to configure timeout vlaues for captive portal.
https://www.cisco.com/c/en/us/td/docs/security/firepower/660/configuration/guide/fpmc-config-guide-v66/create_and_manage_realms.html?bookSearch=true#task_F9ED2AF84F604438ACDC2124237DC518


for user to logout :

The only way to be sure a user logs out is to close and reopen the browser. Unless that happens, in some cases, the user can log out of captive portal and be able to access the network without authenticating again using the same browser.

 

Ref link : 
https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/control_users_with_captive_portal.html?bookSearch=true 


-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------


Regards,
Divya Jain

bastos
Level 1
Level 1

Thank's Divya Jain for your help, but let me explain better my issue.
In our network, we have shared workstations, where users access internet for 5-10 minutes only, and we have dedicate workstations (only one user for that workstaion). We configure 120 minutes to time out authentication. We are using openLdap to authenticate users. We need a way to user "click" on a button, or access some URL, and log out his session when he is using a shared workstation.

Hello,
Does closing the browser not helped in your scenraio? As in if the user closes browser on shared workstation, it should help.

 

 

Regards,
Divya Jain

Hello, unfortunately not, the user will logout only after the time expires, in our case, only after 120 minutes. 

Divya Jain
Cisco Employee
Cisco Employee

Hello,
As per the guide this is what it says :

The only way to be sure a user logs out is to close and reopen the browser. Unless that happens, in some cases, the user can log out of captive portal and be able to access the network without authenticating again using the same browser.

 

 

Ref link : https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/control_users_with_captive_portal.html

If its not working as per that design, maybe see if you can make use of VPN client some way? or else maybe you can get it checked with TAC.



Regards,
Divya Jain
 


 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: