Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Junos Pulse timeout

giulia_
Occasional Contributor
‎06-02-2014 02:08:PM
‎06-02-2014 02:08:PM

Junos Pulse timeout

Hi, 

I've an IC4500 and my users are authenticate via Junos Pulse for a L2 connection, I've seen this log:

AUT209152014-06-02 15:55:00 - ic - [127.0.0.1] DOMAIN.COM\user(Realm)[Role] - Session timed out for DOMAIN.COM\user/Realm (session:2574ffff) due to inactivity (last access at 15:23:10 2014/06/02). Idle session identified after user request.

 

The connection was terminated due to inactivity, where can I configure this parameter?  what does Junos Pulse defines as inactivity?

 

Also in the active users table i have one particular user that authenticates successfully but I can't see the time when it was authenticated and what IP it has, i don't know why but the logs for this user is full of successfull authentications every minute, I don't know how to stop it. 

Anny suggestions on how to solve it?

 

Regards 

Giulianna

 

 

0 Kudos
1 REPLY 1
aronow_
Contributor
‎06-02-2014 02:44:PM
‎06-02-2014 02:44:PM

Re: Junos Pulse timeout

There are two ways inactivity can happen.  First is the user not sending heartbeats.  Say a user logs in from a laptop.  Then the close the lid on the laptop and go home.  Their session length may be set very long, but they will miss heartbeats and eventually be timed out and removed from the IC.  You want this to happen to remove users that are no longer on your network.  The second way inactivity time out happens is if you have the role option for use traffic through the firewall.  Then, if the user doesn't send traffic through the firewall for a certain period of time they get logged out.

 

Both of these are configured on the role session options page.

 

No IP and No timestamp mean they auth at L2, but don't make an L3 connection.  When Pulse or OAC authenticates to an IC, they will make the L3 connection to the IC after the 802.1x (L2) connection has taken place.  That is how the IC knows the IP address of the workstation.  If this isn't showing up in the logs then likely your user is blocked from talking to the IC at L3.  Could be a routing issue, a network firewall issue, a windows firewall issue, etc.  Windows firewall may be application specific.  They might be able to get to the IC with a web browser but they can't with Pulse or OAC.  Fix the L3 issue with that workstation and you will get their IP and time stamp (and stop seeing them auth every minute).

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.