Limit the length of idle sessions for administrators to specify login password and session timeout behavior of the Barracuda CloudGen Firewall. After the initial login with password, certificate, smartcard, or eToken, a session password is dynamically created and used for subsequent access. The session timeout sets the time until the session password is discarded and the user must reconnect or log in again.
Configure Session Limits
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Control.
- In the left menu, select Administrative Sessions.
- Click Lock.
- In the Firewall Admin Max. Idle field, specify the maximum number of minutes that a Barracuda Firewall Admin session can be idle before it is closed. After the session is closed, you must reconnect. If RADIUS or TOTP was used as the authentication method, or when using a session password (smartcard or eToken), you must log back in.
- In the Console Max. Idle field, specify the maximum number of minutes that a shell/SSH session can be idle before it is closed.
- (optional) To use session passwords, set Disable Session Passwords to yes. This will generate a session password after successful authentication. Recommended for smartcard or eToken authentication.
- Click Send Changes and Activate.