CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 3 of 3

Thread: procedure for immediately terminating a user

  1. #1
    Join Date
    2014-07-10
    Posts
    1
    Rep Power
    0

    Default procedure for immediately terminating a user

    Hi Folks,

    I'm interested in a procedure to immediately disable and terminate a session for remote access. The scenario is if someone just gets fired and they are logged in remotely using SNX or some other type of session. What would you do? I was looking but could not find any operation manuals. I could only find Administration manuals which mainly deal with getting things working but not operations.

    Tia,

    Tony

  2. #2
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,028
    Rep Power
    14

    Default Re: procedure for immediately terminating a user

    Two options:

    1. You remove the user and push policy. Every new session for this user will be rejected. Tunnel and remaining sessions will continue till key re-negotiation.
    2. If you want to kill all immediately, you should check logs for source IP of the user's client and add a SAM rule to block it for some time. This is ensure immediate termination of all connections, if combined with the step one.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  3. #3
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    1,006
    Rep Power
    14

    Default Re: procedure for immediately terminating a user

    if you have smartview monitor, you can terminate connection for the user through the GUI
    There is also client portion of 'vpn tu' command/menu which can reset ike/ipsec

Similar Threads

  1. Terminating VPN behind CP (with NAT)
    By perfik in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 5
    Last Post: 2010-09-02, 10:15
  2. How to make rules work immediately?
    By o0000o in forum Check Point UTM-1 Appliances
    Replies: 4
    Last Post: 2009-07-30, 08:49
  3. SMTP reject immediately after being accepted
    By bluescreen in forum Miscellaneous
    Replies: 1
    Last Post: 2009-06-16, 20:47
  4. terminating IPSec vpn on multiple interfaces
    By cciesec2006 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 14
    Last Post: 2008-01-26, 19:38
  5. Terminating SecureClient on a private address
    By Dillan in forum SecureClient/SecuRemote
    Replies: 1
    Last Post: 2006-09-13, 08:04

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •