Educause Security Discussion mailing list archives
Re: Idle and Max. Session Length in Juniper SA
From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Thu, 16 Dec 2010 09:39:25 -0600
At 10:33 AM -0500 12/16/10, Clark, Joseph K wrote:

> One complaint we are getting with our test base is in regards to the Idle and Max. Session timeouts. The complaint is they are too short. We currently had it set to 30 minutes Idle and 4 hour max session limit. Does anyone know of any standards or best practices to apply in this case?

When we rolled out our SSL VPN, we kept the same timeouts that we had with our traditional VPN - 30 minutes idle and 12 hours max session length. Some groups/roles have requested different shorter timeouts, which is no problem. No one has requested longer timeouts.

One interesting wrinkle is that with a traditional VPN, the idle timeouts are pretty much never triggered because of random traffic that is always coming out of the clients, like DNS queries, file browsing updates, etc. So when people started moving to SSL VPN, idle timeouts became a much more frequent occurrence.

--
Julian Y. Koh <mailto:kohster () northwestern edu>
Manager, Network Transport <phone:847-467-5780>
Telecommunications and Network Services
Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>