cancel
Showing results for 
Search instead for 
Did you mean: 

Programmatic (SNMP?) disconnect of active users on SA-series?

Highlighted
Contributor

Programmatic (SNMP?) disconnect of active users on SA-series?

Our security group is asking me to provide them with an interface to our SA-6500s (7.2) to allow them to terminate sessions of given users.

I went over the admin guide, but didn't see a documented way of doing this. Is any of you aware of a method, aside from the web GUI, for terminating an active session?

4 REPLIES 4
Highlighted
Super Contributor

Re: Programmatic (SNMP?) disconnect of active users on SA-series?

Hi,

 

This is not possible at the moment.

 

SNMP is used for querying or sending traps for system information.

 

I guess it has to be a command via CLI which needs to be added but that would go as a feature enhancement request.

 

Regards,

Jay

Highlighted
Respected Contributor

Re: Programmatic (SNMP?) disconnect of active users on SA-series?

As Jay said, this is not possible.

What is the use-case that they want this control to do this programmatically?

There is potential of doing this through the DMI interface available; however, it will still require interaction by someone to tereminate the session. it is more efficient to do this activity via the web UI

Highlighted
Contributor

Re: Programmatic (SNMP?) disconnect of active users on SA-series?

Thanks, that's what I figured.

 

It has to do with compromised accounts. Since we do not limit maximum session duration, just locking the account allows someone to remain online if they established the connection before the compromise was discovered.

 

(And yes, I realize this is asking to solve blatantly obvious policy/organization issue with a technical workaround.)

Highlighted
Respected Contributor

Re: Programmatic (SNMP?) disconnect of active users on SA-series?

unfortunately, it will require either you as admin to go in and delete the session once they notify you OR for the security team to go in and do it themselves (either as full admin or restricted to just the status information)