PEP Sessions Viewer
Author: Vincent Bacher (vbacher.de) | Version: 1.0 | License: Free to use
Overview
SmartConsole extension for viewing active PEP (Policy Enforcement Point) sessions directly in the gateway Details Panel. Provides real-time session data with search, filter, and drill-down capabilities using the smxProxy API.
Key Features
- Session View: Up to 2000 active sessions per gateway
- Server-side Search: grep-based filtering on gateway before loading data
- Click-to-Detail: Interactive cells for Username/Machine/Client IP → detailed PEP query results in modal
- Sortable Columns: Username, Machine, Client IP, PDP IP, UID
- Detail View: 8 fields including Identity Roles, Log Username, Client Type
- Multi-Domain Support: Automatically inherits domain context
Requirements
| Component |
Requirement |
| SmartConsole |
R80.40 or higher, Extension API 1.2+ |
| Gateway |
Identity Awareness blade enabled, PEP command support |
| Permissions |
get-read-only-session, run-read-only-commands |
| Network |
HTTPS access to extension URL |
Installation
- Open SmartConsole → Manage & Settings → Extensions
- Click Install Extension
- Enter URL:
https://vbacher.de/pep-sessions.json
- Accept permissions
Usage
- Open any Gateway/Cluster object
- Select PEP Sessions tab in Details Panel
- Click Refresh Sessions
Verify Gateway Support
clish -c "pep help"
Technical Details
Architecture
- API: Uses SmartConsole
smxProxy.sendRequest('request-commit')
- Commands:
pep s u a (list), pep s u q usr/mchn/cid (detail)
- Execution: Base64-encoded commands via
run-script
- Parsing: Custom PEP output parser for both list and detail formats
- Performance: 2000 session limit, 90s timeout
Search Modes
- Local: Type in search box → filters loaded sessions client-side
- Remote: Enter term + click Refresh → executes
pep s u a | grep -i "term" on gateway
Data Flow
- User clicks Refresh → Extension builds base64 command
- SmartConsole sends command to Management Server
- Management executes on gateway via run-script
- Response base64-decoded and parsed
- Displayed in table with interactive cells
Use Cases
- Terminal Server: View all sessions from single machine (click Machine column)
- User Tracking: Find all sessions for user across multiple IPs (click Username)
- Troubleshooting: Verify Identity Agent connectivity, check assigned roles
- Audit: Review active sessions, client types, authentication methods
Limitations
2000 Session Limit: Large environments may have more sessions. Use search+refresh to filter on gateway.
90s Timeout: Normal for 2000 sessions, may timeout on slow Management API.
PEP Only: Works with PEP sessions. PDP extension planned separately.
Troubleshooting
Error: "This service is not available"
- Restart SmartConsole (complete restart required)
- Verify URL accessible from workstation
- Check extension loaded in Manage & Settings → Extensions
Error: "No sessions found"
- Verify Identity Awareness blade enabled on gateway
- Test manually:
clish -c "pep s u a"
- Check gateway has active sessions
Error: "Gateway command failed"
- Gateway may not support PEP commands
- Verify clish access:
pep help
- Check Management API connectivity
Screenshots
Future Enhancements
- PDP session viewer (separate extension)
- CSV export
- Custom column configuration
- Session history tracking
Support
Author: Vincent Bacher | Website: vbacher.de
Post questions/feedback in this thread.
Installation URL: https://vbacher.de/pep-sessions.json
and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
