Educause Security Discussion mailing list archives

Re: Idle and Max. Session Length in Juniper SA


From: Tim Nance <nancet () SHANDS UFL EDU>
Date: Thu, 16 Dec 2010 11:02:33 -0500

Joseph,
We have been running the Juniper SSL for a few years now and our settings for most users (90+%) are the same as what you 
have set: 4 hour max sessions with a 30 minute idle timeout. We have some users that transfer rather large studies or 
need to maintain connectivity for longer periods of time and we address this by creating separate roles for them.
For vendors, we create a separate role for each with a default of 1 hour max session and 10 minute timeout. If they 
are performing upgrades or other maintenance that needs a longer timeout, we temporarily increase it for them. For 
some of the other vendor roles which need longer timeouts, we increase it to a reasonable amount depending upon their 
needs.
 
--tim
 
Timothy M. Nance 
Information Security Analyst
University of Florida Academic Health Center

 
 

"Clark, Joseph K" <ClarkJK () COFC EDU> 12/16/2010 10:33 AM >>>
We are in the testing phases of rolling out Juniper SSL VPN to our VPN
users. One complaint we are getting with our test base is in regards to
the Idle and Max. Session timeouts. The complaint is they are too short.
We currently have it set to 30 minutes Idle and 4 hour max session limit.
Does anyone know of any standards or best practices to apply in this
case? Or what have you found to work at your institution?

Thanks,
Joseph Clark
College of Charleston
