
Kill an ipsec VPN connection from the admin console


7 replies to this topic

#1 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • Location: Ohio, USA

Posted 30 March 2020 - 12:37 PM

Is there a way to do this? Suppose I have a remote user connected to my network through a VPN session and for whatever reason we want to kill their VPN connection. Just changing their network access properties in Active Directory for example doesn't cause the session to disconnect. I want to know if there is a way to IMMEDIATELY kill their connection. I know I and others have asked about this in the past on both the X and F series firewalls but still nothing.



#2 juanrosi

juanrosi
  • Members
  • 10 posts

Posted 01 April 2020 - 04:15 AM

I have the same problems.



#3 Finlay Morgan

Finlay Morgan
  • Members
  • 10 posts

Posted 02 April 2020 - 09:14 AM

I would like to know more about it. Thanks!



#4 Gavin Chappell

Gavin Chappell
  • Moderators
  • 441 posts
  • Location: Nottingham, UK

Posted 04 April 2020 - 08:44 AM

In Firewall Admin this should be possible from the VPN tab, under the Client-to-Site section, by right-clicking a session and choosing to Terminate it. I'm not sure about the web UI (I never use it) but there may be a similar feature. You would obviously want to do something beforehand to stop them from reconnecting, as otherwise the client may immediately reconnect and open a new session.



#5 Finlay Morgan

Finlay Morgan
  • Members
  • 10 posts

Posted 04 April 2020 - 09:15 AM

Thanks a lot for the updates. Glad to get your reply. :)



#6 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • Location: Ohio, USA

Posted 07 April 2020 - 12:57 PM

Gavin,

and therein lies the problem: Terminate maybe momentarily interrupts the connection, but the client immediately reconnects. This of course is beneficial under conditions where a user maybe has a flaky connection and needs the client to reconnect automatically if there are blips in their internet connection, but not so much if I'm intentionally trying to boot them off the VPN.



#7 Gavin Chappell

Gavin Chappell
  • Moderators
  • 441 posts
  • Location: Nottingham, UK

Posted 07 April 2020 - 01:07 PM   Best Answer

Correct - because under normal circumstances you would WANT the client to reconnect. However in your first post, and in my post, we both referenced making a change in order to stop the user from authenticating (removing group membership, disabling accounts, etc). If you do this action and terminate the connection then the client should be unable to reauthenticate which would be the part that stops them from reconnecting automatically. Essentially, if the connection is lost you normally WANT the client to reconnect because this gives a more transparent user experience, but there are things you can do on the server in order to stop the client from reconnecting.



#8 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • Location: Ohio, USA

Posted 09 April 2020 - 09:17 AM

ah, right, good point.