- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How the Secure Mobile Access Appliance Removes a User's Session from the Active Users List
03/26/2020 
11 People found this article helpful
33,637 Views
Description
This article includes a brief discussion of the criteria for removing a user session from the active users list in SonicWall SMA 1000 Series appliance, including the default timeout value and triggers that remove a user from that list. SonicWall SMA appliance uses the following criteria for the following services when determining how to time out a user session from the "Active Users" list of the Appliance Management Console (AMC).
Resolution
WorkPlace / Web Access Service
WorkPlace and the Web Access Service time out a user session after 30 minutes of inactivity.
Client/Server Access Service
Client/Server Access Service times out a user session as soon as the user closes all of their connections to the service. For example, once a Connect user disconnects from the appliance, the Client/Server Access Service times out the user session. If the user never closes the connection, then the connection will time out after eight hours.
Policy Service
The Policy Service controls user access to the appliance and to resources, via authentication realms, authentication servers, and access control rules. The Policy Service keeps a status of all users. When a user makes a connection to Work Place / Web Access Service or Client/Server Access Service, these services make connections to Policy Service for user authentication and rule checking. Once these services terminate their connection with Policy Service, Policy Service starts a 15 minute countdown. After 15 minutes, Policy Service times out the user session. See "How the Active Users Count is Updated" below for more information.
How the Active User Count is Updated
The count of users displayed in the Active Users list is controlled by the Policy Service. Currently, this count will not refresh until the Policy Service receives a request to check on status of connections. An example of such a request is a user login to the appliance. At that point, the Policy Service will check status of connections and purge connections from its list which will, in turn, update the list of active users in the Active Users list.
If an administrator sees users who have been logged into the system for a long amount of time, and that knows that they are definitely inactive, it's because Policy Service hasn't received any new requests to update its list. The next time a user logs in, the Active Users list will be updated.
Examples
- WorkPlace user logs in to WorkPlace to check e-mail, use Web applications, access file shares, etc. User walks away from their computer, and returns to it an hour later. At this time, the user's session as timed out. It timed out 15 minutes earlier -- Remember, there was the 30 minute WorkPlace timeout plus a 15 minute Policy Service timeout. The end user must close their browser and log back into the WorkPlace.
- Connect Tunnel user establishes an Connect Tunnel connection, and checks e-mail using Outlook. User closes their Outlook connection, but doesn't close the Connect client, so Connect remains connected. User leaves their computer, and returns five hours later. The connection is still active because the default timeout for Client/Server Access service connections is eight hours and the user didn't reach that limit.
- Connect Tunnel user establishes an Connect Tunnel connection, and checks e-mail using Outlook. User closes their Outlook connection, and closes Connect client, ending the connection. This starts the 15 minute timeout countdown by Policy Service before the end user's connection is timed out completely.
Troubleshooting
Here's how to update policyserver immediately, if you're seeing some "stale" users in active users in AMC. Get on the console of the appliance, and run this command: policyinfo
Now, log into AMC, and refresh the list of active users. It should accurately reflect users that are active on the system. This is a lot easier than logging into the system yourself to get policyserver to update itself.
Related Articles
- Initial Setup Guide of SMA1000 for high security environments
- How can I get root access to SMA100
- SMB SSL-VPN: User principal name (UPN) support on SMB SSL VPN devices
YES
NO