https://community.checkpoint.com/t5/SASE-and-Remote-Access/Log-out-designated-RA-VPN-users/m-p/80689#M10821 <P>Good day everyone.</P><P>I am looking for advise on the best way to force designated RA User VPN users off of VPN.</P><P>The requirement is to force the user offline in such a way that they would have to authenticate again to (or not to) gain VPN access again.</P><P>In this use case the backend authentication is completed via AD.&nbsp; In testing disabling the user AD account does not automatically disconnect their VPN session.</P><P>Thoughts?</P><P>&nbsp;</P> Fri, 03 Apr 2020 00:21:49 GMT Ave_Joe 2020-04-03T00:21:49Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Log-out-designated-RA-VPN-users/m-p/80689#M10821 <P>Good day everyone.</P><P>I am looking for advise on the best way to force designated RA User VPN users off of VPN.</P><P>The requirement is to force the user offline in such a way that they would have to authenticate again to (or not to) gain VPN access again.</P><P>In this use case the backend authentication is completed via AD.&nbsp; In testing disabling the user AD account does not automatically disconnect their VPN session.</P><P>Thoughts?</P><P>&nbsp;</P> Fri, 03 Apr 2020 00:21:49 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Log-out-designated-RA-VPN-users/m-p/80689#M10821 Ave_Joe 2020-04-03T00:21:49Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Log-out-designated-RA-VPN-users/m-p/80848#M10822 You can use RAsession_util (a CLI-based tool) for this.<BR />However, it is OFF by default and requires a cprestart in order to activate it. Sun, 05 Apr 2020 03:50:49 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Log-out-designated-RA-VPN-users/m-p/80848#M10822 PhoneBoy 2020-04-05T03:50:49Z https://community.checkpoint.com/t5/SASE-and-Remote-Access/Log-out-designated-RA-VPN-users/m-p/80850#M10823 <P>1. Find user's source IP of his/her workstation</P> <P>2. Go to the gateway where the user is connected and needs to be disconnected</P> <P>3. Issue command "vpn tu"</P> <P>4.&nbsp;<SPAN>Delete all IPsec+IKE SAs for a given User (Client)</SPAN></P> <P>5. Repeat steps 2-4 for all relevant gateways</P> <P>6. User is disconnected from all desired gateways</P> Sun, 05 Apr 2020 05:31:58 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Log-out-designated-RA-VPN-users/m-p/80850#M10823 JozkoMrkvicka 2020-04-05T05:31:58Z