This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Herschel_Liang
Collaborator
‎2020-12-17 03:15 AM
Jump to solution

How to disconnect SNX Users

Some user's passwords may be forced to attack by blackhat. It was used to login in SNX VPN and want to attack the client LAN.

The client found that and is worried about it. They want to disconnect that connection first.

I gave him one command: RAsession_util terminate byuser xxx

After executing that command, he executed two below commands:

RAsession_util show users byname xxx

listusers

but the output is quite different. Did he disconnect SNX User successfully? Why? How should I help the client? Could someone kindly explain what is the difference between the two commands?

Preview file
808 KB
0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend
‎2020-12-17 04:25 AM
Jump to solution

I think you mix up RAsession_util show users all (only for MAB/SNX users) and the VPN tables listusers from sk152132: How to Monitor the Exact Number of Active VPN Tunnels ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2020-12-17 04:25 AM
Jump to solution

I think you mix up RAsession_util show users all (only for MAB/SNX users) and the VPN tables listusers from sk152132: How to Monitor the Exact Number of Active VPN Tunnels ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Herschel_Liang
Collaborator
‎2020-12-17 04:33 PM
In response to G_W_Albrecht
Jump to solution

sk152132 explain is very useful, but I confuse mobile access VPN admin guide description:

Disconnecting Remote Access Users
To disconnect a user:
RAsession_util terminate {all|byuser <user>|bysession_id <id>|custom <sql
constraint>}

It seems like that "RAsession_util terminate XXX" can only disconnect remote access VPN users. I remember that remote access VPN is IPSec VPN while SNX is SSL VPN.

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2020-12-18 01:03 AM
Jump to solution

EPS VPN, Mobile and SecuRemote are the three IPsec VPN flavours, while Mobile Access and SNX uses SSL VPN and can be influenced using RAsession_util.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events