PEP Sessions Viewer

Overview

SmartConsole extension for viewing active PEP (Policy Enforcement Point) sessions directly in the gateway Details Panel. Provides real-time session data with search, filter, and drill-down capabilities using the smxProxy API.

Key Features

• Session View: Up to 2000 active sessions per gateway
• Server-side Search: grep-based filtering on gateway before loading data
• Click-to-Detail: Interactive cells for Username/Machine/Client IP → detailed PEP query results in modal
• Sortable Columns: Username, Machine, Client IP, PDP IP, UID
• Detail View: 8 fields including Identity Roles, Log Username, Client Type
• Multi-Domain Support: Automatically inherits domain context

Requirements

Installation

1. Open SmartConsole → Manage & Settings → Extensions
2. Click Install Extension
3. Enter URL: https://vbacher.de/pep-sessions.json
4. Accept permissions

Usage

1. Open any Gateway/Cluster object
2. Select PEP Sessions tab in Details Panel
3. Click Refresh Sessions

Verify Gateway Support

clish -c "pep help"

Technical Details

Architecture

• API: Uses SmartConsole smxProxy.sendRequest('request-commit')
• Commands: pep s u a (list), pep s u q usr/mchn/cid (detail)
• Execution: Base64-encoded commands via run-script
• Parsing: Custom PEP output parser for both list and detail formats
• Performance: 2000 session limit, 90s timeout

Search Modes

• Local: Type in search box → filters loaded sessions client-side
• Remote: Enter term + click Refresh → executes pep s u a | grep -i "term" on gateway

Data Flow

1. User clicks Refresh → Extension builds base64 command
2. SmartConsole sends command to Management Server
3. Management executes on gateway via run-script
4. Response base64-decoded and parsed
5. Displayed in table with interactive cells

Use Cases

• Terminal Server: View all sessions from single machine (click Machine column)
• User Tracking: Find all sessions for user across multiple IPs (click Username)
• Troubleshooting: Verify Identity Agent connectivity, check assigned roles
• Audit: Review active sessions, client types, authentication methods

Limitations

Troubleshooting

Error: "This service is not available"

• Restart SmartConsole (complete restart required)
• Verify URL accessible from workstation
• Check extension loaded in Manage & Settings → Extensions

Error: "No sessions found"

• Verify Identity Awareness blade enabled on gateway
• Test manually: clish -c "pep s u a"
• Check gateway has active sessions

Error: "Gateway command failed"

• Gateway may not support PEP commands
• Verify clish access: pep help
• Check Management API connectivity

Screenshots

Future Enhancements

• PDP session viewer (separate extension)
• CSV export
• Custom column configuration
• Session history tracking

Support

Author: Vincent Bacher | Website: vbacher.de
Post questions/feedback in this thread.

Installation URL: https://vbacher.de/pep-sessions.json