CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


I'd like to thank everyone involved for making "The CPUG Challenge" a great success.
We helped a lot of people see and learn a bit more about R80.10, while having some fun.
We will be using this success to try and bring more events to more locations soon. -E

 

Results 1 to 3 of 3

Thread: procedure for immediately terminating a user

  1. #1
    Join Date
    2014-07-10
    Posts
    1
    Rep Power
    0

    Default procedure for immediately terminating a user

    Hi Folks,

    I'm interested in a procedure to immediately disable and terminate a session for remote access. The scenario is if someone just gets fired and they are logged in remotely using SNX or some other type of session. What would you do? I was looking but could not find any operation manuals. I could only find Administration manuals which mainly deal with getting things working but not operations.

    Tia,

    Tony

  2. #2
    Join Date
    2006-03-08
    Location
    Lausanne
    Posts
    1,005
    Rep Power
    13

    Default Re: procedure for immediately terminating a user

    Two options:

    1. You remove the user and push policy. Every new session for this user will be rejected. Tunnel and remaining sessions will continue till key re-negotiation.
    2. If you want to kill all immediately, you should check logs for source IP of the user's client and add a SAM rule to block it for some time. This is ensure immediate termination of all connections, if combined with the step one.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  3. #3
    Join Date
    2006-04-27
    Location
    Twillight zone
    Posts
    997
    Rep Power
    12

    Default Re: procedure for immediately terminating a user

    if you have smartview monitor, you can terminate connection for the user through the GUI
    There is also client portion of 'vpn tu' command/menu which can reset ike/ipsec

Similar Threads

  1. Terminating VPN behind CP (with NAT)
    By perfik in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 5
    Last Post: 2010-09-02, 10:15
  2. How to make rules work immediately?
    By o0000o in forum Check Point UTM-1 Appliances
    Replies: 4
    Last Post: 2009-07-30, 08:49
  3. SMTP reject immediately after being accepted
    By bluescreen in forum Miscellaneous
    Replies: 1
    Last Post: 2009-06-16, 20:47
  4. terminating IPSec vpn on multiple interfaces
    By cciesec2006 in forum IPsec VPN Blade (Virtual Private Networks)
    Replies: 14
    Last Post: 2008-01-26, 19:38
  5. Terminating SecureClient on a private address
    By Dillan in forum SecureClient/SecuRemote
    Replies: 1
    Last Post: 2006-09-13, 08:04

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •