Stormshield SN series Configuration Manual page 51


Add a domain controller
Click to select or create the corresponding object. You will need to add all the domain controllers that control the Active Directory domain. They have to be saved beforehand in the firewall's object database.
NOTE
The firewall manages a single domain, as only a single directory can be configured.

Advanced properties

Maximum authentication duration
Define the maximum duration for the session of an authenticated user. After this period, the firewall will delete the user from its table of authenticated users, thereby logging out the user.
This duration is to be defined in seconds or minutes. It is set by default to 36000 seconds, or 10 hours.

Refresh user group updates
If the Active Directory has been configured on the firewall (Directory configuration module), the firewall will check for possible changes made to LDAP directory groups. The firewall will then update its directory configuration and send this information to the SSO agent.
This duration, defined in seconds, minutes or hours, is set by default to 3600 seconds, or 1 hour.

Disconnection detection
This option allows deleting authenticated users when an associated host logs off or when a session is shut down. This test to detect which hosts are connected to the firewall is carried out either by pinging or by the registry database method.
If this method is not enabled, the user will only be disconnected after the defined authentication period, even if his session is shut down.

Detection method
Select a log off method from PING or Registry database:
PING: The SSO agent tests the accessibility of all hosts authenticated on the firewall every 60 seconds by default.
If there is no response or a host unreachable response is received after the period defined hereafter, the SSO agent will send the firewall a request to log off. The firewall will then delete the user associated with this IP address from its table of authenticated users, thereby logging out the user.
Registry database: The Registry database (BDR) is a database used by the Windows operating system to store information about the system's configuration and installed software. This method allows, for example, detecting a closed session on a host that is still running.
In the event of a positive response to the ping, the SSO agent will log on remotely to the host and check in the Registry database the list of users with a session open on the host. This allows updating the firewall's table of authenticated users.

Consider as disconnected after
If a host does not respond to the ping after this period, it will be considered disconnected. The firewall will then delete the user associated with this host from its table of authenticated users.
This duration, defined in seconds, minutes or hours, is set by default to 5 minutes.
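
The settings above decide how long an IP address stays mapped to a user who has already left. The following model is an added example, not Stormshield code: it compares that stale window with detection disabled, with PING and with the Registry database method, using the defaults from this page. The function names and the probe timing rules noted in the comments are assumptions.

```python
# Added model of the expiry rules on this page; not Stormshield code.
MAX_AUTH = 36000         # s, default "Maximum authentication duration" (10 hours)
PROBE_INTERVAL = 60      # s, default interval between SSO agent host tests
DISCONNECT_AFTER = 300   # s, default "Consider as disconnected after" (5 minutes)


def removal_time(method, session_closed_at=None, host_down_at=None):
    """Return the second (login = 0) at which the user leaves the firewall's table.

    method: None (detection disabled), "ping" or "registry".
    Assumptions of this model: probes run at every multiple of PROBE_INTERVAL,
    a silent host is logged off once probes have failed for DISCONNECT_AFTER
    seconds, and a registry check removes the user at the first probe that
    finds the session closed.
    """
    if method is None:
        return MAX_AUTH
    first_fail = None
    for t in range(PROBE_INTERVAL, MAX_AUTH, PROBE_INTERVAL):
        if host_down_at is not None and t >= host_down_at:
            if first_fail is None:
                first_fail = t          # first unanswered probe
            if t - first_fail >= DISCONNECT_AFTER:
                return t                # agent asks the firewall to log off
        elif (method == "registry" and session_closed_at is not None
              and t >= session_closed_at):
            return t                    # host answers, user no longer listed
    return MAX_AUTH


def stale_seconds(method, session_closed_at=None, host_down_at=None):
    """Seconds the IP stays mapped to the user after the user is really gone."""
    events = [e for e in (session_closed_at, host_down_at) if e is not None]
    return removal_time(method, session_closed_at, host_down_at) - min(events)


if __name__ == "__main__":
    # Constructed scenarios: the event happens 1830 s after login.
    scenarios = (("host powered off", {"host_down_at": 1830}),
                 ("session closed, host still up", {"session_closed_at": 1830}))
    for label, kwargs in scenarios:
        for method in (None, "ping", "registry"):
            print(f"{label:30} {str(method):9} "
                  f"stale for {stale_seconds(method, **kwargs)} s")
```

In this model a closed session on a host that is still running is only caught by the Registry database method; with PING the mapping lasts until the maximum authentication duration expires.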
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
AUTHENTICATION
