Educause Security Discussion mailing list archives
Re: Idle and Max. Session Length in Juniper SA
From: Tim Nance <nancet () SHANDS UFL EDU>
Date: Thu, 16 Dec 2010 11:02:33 -0500
Joseph, We have been running the Juniper SSL for a few years now and our settings for most users (90+%) is the same as what you have set: 4 hour max sessions with a 30 minute idle timeout. We have some users that transfer rather large studies or need to maintain connectivity for longer periods of time and we address by creating separate roles for them. For vendors, we create a separate role for each with a default of 1 hour max session and 10 minute timeout. If they are performing upgrades or other maintenance that needs a longer timeout, we temporarily increase it for them. For some of the other vendor roles which need longer times outs, we increase it to a reasonable amount depending upon their needs. --tim Timothy M. Nance Information Security Analyst University of Florida Academic Health Center
"Clark, Joseph K" <ClarkJK () COFC EDU> 12/16/2010 10:33 AM >>>
We are in the testing phases of rolling out Juniper SSL VPN to our VPN users. One complaint we are getting with our test base is in regards to the Idle and Max. Session timeouts. The complaint is they are too short. We currently had it set to 30 minutes Idle and 4 hour max session limit. Does anyone know of any standards or best practices to apply in this case? Or what have you found to work at your institution? Thanks, Joseph Clark College of Charleston
Current thread:
- Idle and Max. Session Length in Juniper SA Clark, Joseph K (Dec 16)
- Re: Idle and Max. Session Length in Juniper SA Julian Y. Koh (Dec 16)
- Re: Idle and Max. Session Length in Juniper SA Tim Nance (Dec 16)