This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Richard_Carson
Contributor
‎2019-07-31 10:15 PM

not able to set session timeout with mgmt_cli

I can't seem to set a longer then default session timeout using management cli at the moment. For example, if i wanted to increase it to 1200 second over the default 600 seconds i am using the command

mgmt_cli --root true login session-name test-session-timeout session-description test-session-timeout session-timeout 1200 --format json

But after logging in if i run a show session using the returned session id - session timeout still shows as 600seconds. Has anyone else experienced this? i also tried with mgmt_cli --conn-timeout, same result

mgmt_cli --session-id $SID show session

uid: "819cd746-8cd7-4263-bc9b-773ee0a56f65"
name: "test-session-timeout"
type: "session"
domain:
uid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxx"
name: "System Data"
domain-type: "mds"
state: "open"
user-name: "WEB_API"
description: "test-session-timeout"
last-login-time:
posix: 1564636139402
iso-8601: "2019-08-01T06:08+0100"
expired-session: false
application: "WEB_API"
changes: 0
in-work: true
ip-address: "127.0.0.1"
locks: 0
email: ""
phone-number: ""
connection-mode: "read write"
session-timeout: 600
comments: ""
color: "black"
icon: "Objects/worksession"
tags: []
meta-info:
lock: "unlocked"
validation-state: "ok"
last-modify-time:
posix: 1564636140597
iso-8601: "2019-08-01T06:09+0100"
last-modifier: "WEB_API"
creation-time:
posix: 1564636139796
iso-8601: "2019-08-01T06:08+0100"
creator: "WEB_API"
read-only: true

 

 

0 Kudos
7 Replies
Maik
Advisor
‎2019-07-31 11:40 PM

Hey Richard,

I have also experienced this in the past. My guess is that it's related to bug which occurs when somebody is using the "--root true" parameter. If you do not specify this part and instead log in "manually" with a user who has the required set of permissions it is working as expected. Once you want to use the root user - w/o further login steps - the session-timeout defaults to 600. If you still want to use the the root argument you could add the "keepalive" command after a while in order to not let the session time out.

 

Regards,

Maik

0 Kudos
Richard_Carson
Contributor
‎2019-08-01 12:12 AM
In response to Maik

Thank Maik you are correct it works with a username and password. I see the session timeout is set correctly then.

I was actually testing with a certificate user and password rather then -r true using the mgmt_cli -c -p option - it would appear that this mechanism is also blighted by the same bug:( and does not set the session time out to the given length.

0 Kudos
Maik
Advisor
‎2019-08-01 12:15 AM
In response to Richard_Carson

Hm, maybe @Robert_Decker can help us in this case? 🙂

0 Kudos
Tommy_Forrest
Advisor
‎2019-08-01 06:42 AM
In response to Maik

I've just made it a habit to issue "unset TMOUT" when I first log into a CLI.

My fingers remember it down even though my brain doesn't always remember.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-08-02 12:08 PM

What version are you trying this with?

0 Kudos
Richard_Carson
Contributor
‎2019-08-02 05:23 PM
In response to PhoneBoy

This is on R80.10 jumbo take 203. Support have confirmed replication now to.
0 Kudos
PhoneBoy
Admin
Admin
‎2019-08-04 10:52 AM
In response to Richard_Carson

Looks like it is also an issue on R80.20.
Support ticket the way to go here.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top