Our security group is asking me to provide them with an interface to our SA-6500s (7.2) to allow them to terminate sessions of given users.
I went over the admin guide, but didn't see a documented way of doing this. Is any of you aware of a method, aside from the web GUI, for terminating an active session?
This is not possible at the moment.
SNMP is used for querying or sending traps for system information.
I guess it has to be a command via CLI which needs to be added but that would go as a feature enhancement request.
As Jay said, this is not possible.
What is the use-case that they want this control to do this programmatically?
There is potential of doing this through the DMI interface available; however, it will still require interaction by someone to tereminate the session. it is more efficient to do this activity via the web UI
Thanks, that's what I figured.
It has to do with compromised accounts. Since we do not limit maximum session duration, just locking the account allows someone to remain online if they established the connection before the compromise was discovered.
(And yes, I realize this is asking to solve blatantly obvious policy/organization issue with a technical workaround.)
unfortunately, it will require either you as admin to go in and delete the session once they notify you OR for the security team to go in and do it themselves (either as full admin or restricted to just the status information)