If you want to do it per user group: Remote Access clients configuration based on group membership 

That's exactly what I was looking for. Putting int he required paperwork now to test this next week. Will update with results.

Thanks

Will this work when the user belongs to multiple groups and is there anything I should be wary of regarding this.

The user currently is currently in 4 different user groups. These are used in 4 different VPN rules.

Was thinking of making a new group called ExtendedTimeout and making the ExtendedTimeout.ttf with a 24 hour timeout. Would I just add the user to this group along with the groups they already have? Does this new group need to be used in an access rule anywhere?

I don't believe the group has to be used in the rulebase, the group just needs to exist and users need to be members of it.

Went to make the change this morning but can't find how to properly change the value in the ttm file.

I assume that the section we want to change is the neo_user_re_auth_timeout

From this doc I found the max is 24 hours though. We wanted to change it something closer to a week for this one specific account.

This screenshot is from an older doc I found.

https://downloads.checkpoint.com/fileserver/SOURCE/direct/ID/7262/FILE/Integrity_SecureClient_Mobile... 

Do these values still hold true for max? And if I am able to change it to something else what is the proper syntax?

Currently running R77.30

Finding the docs confusing.

Would I change

:neo_user_re_auth_timeout (
:gateway (endpoint_vpn_user_re_auth_timeout
:default (client_decide)

to

:neo_user_re_auth_timeout (
:gateway (endpoint_vpn_user_re_auth_timeout
:default (1440)

Really want 10080 instead of 1440.

Help please!!   

In sk75221 Remote Access TTM Configuration relevant for the used version, we find that:

Attributes that were defined in the Security Management (SmartCenter) database schema cannot be changed in the TTM file. They can only be changed via SmartDashboard or via the GuiDBEdit tool. Examples: tunnel_idleness_ignored_tcp_ports, tunnel_idleness_timeout, location_awareness_dc_check, location_awareness_enabled etc. More information on these attributes can be found in the Admin Guide. Parameter tunnel_idleness_timeout is listed in sk42850 with a similar comment.

But i think i have found your 8 hours limit:

If you look at my message you see that there is a limit of up to 1440 minutes from what I'm seeing. That is 24 hours. 

I was asking how to modify the ttm file correctly to use this value. Also the screenshot you showed is from the new version which is different from what I understand. 

According to what I'm reading, this should be the correct approach (your modifications to trac_client_1.ttm).

Note while Guenther is showing a screenshot from R80.x, it's the same in R77.30 as well (just "looks" different).

All of those things are true.

Your change looks ok

The only document refering to neo_user_re_auth_timeout is R70 VPN Administration Guide, so i am really eager to know if this works !

I found the answer: endpoint_vpn_user_re_auth_timeout is refered to in sk62581 EndPoint Connect users required to re-authenticate every 480 minutes

Hi @David_Won , how did you change it, via the ttm file or you follow the screenshot of @G_W_Albrecht? Thanks

Hi all,

I just add my question to this thread, because I think the topic is fitting.

How to increase the session length when using "Check Point Capsule VPN" from Microsoft Windows Store?
At the moment the connection drops after 8 hours.

Best regards,
morris

Pretty sure it is these three settings, they are linked so if you change one of them it automatically changes the other two: