Ending User Sessions
03/26/2020 34 14965
You can immediately terminate a user's session, even if the user has multiple connections on different services or nodes, or temporarily disable a user's network access for 10 minutes (the user can log in to the network again after that period if your access policy allows it). To permanently prevent a user from logging in to your VPN, you must do one of the following:
- Modify the applicable access control rules
- Modify or delete the applicable user and group definitions
- Delete the user from your user directory
To end open user sessions
1. From the main navigation menu, click User Sessions.
2. In the View lists, select the number of sessions you want to display, and then select All open (only sessions that are open can be terminated).
3. You can filter the list of sessions using a combination of other properties:
- User: Enter all or part of a user name. You can use wildcard characters (* or ?) anywhere in the search string.
- Realm: Select a realm, or all realms.
- Community: Select a community, or all communities. If you selected a realm, the communities you see in this list are restricted to those that are associated with it.
- Zone: Select a zone, or all zones.
- Agent: Select an agent or All access agents, or specify that none have been activated (translation only).
- Platform: Select a platform or All platforms.
4. There are two ways to terminate sessions manually in AMC. Only open sessions�those for which there is either a license or those that can be resumed�can be terminated. Select the check box next to any session you want to end, or select the check box at the top to select all the users in the list, and then click one of the session termination buttons:
When you click Terminate session, all connections associated with the selected sessions are terminated. This is a good way to free up a license from an idle session, for example. Termination occurs on a session-by-session basis, so if a user has several sessions you can be selective about which ones you end. The user whose session was terminated can immediately reauthenticate and log in to the appliance.
Terminate session - restrict logins
This type of termination is the same as above, but there is a ten-minute interval during which the user is not allowed to generate new sessions. If there are any existing sessions, they can be used, but until ten minutes elapse, no new sessions can be created. This is the type of termination you would use, for example, if you wanted to end all of a user's sessions and prevent any new ones from being established while you remove his or her credentials from the authentication store.