Dear all, While configuring UTM and AP50, I came to this following setting: Sessions Expires. The minimum can be set at 2 hours while the maximum at 1 week. I was wondering, first: What is the purpose, in terms of security, of such setting. "Everybody" says "it's useful for security reasons". What are those security reasons ? The main reason we activated such option is to avoid the session cookie to be stolen. Re-authentication will create a new session cookie. Secondly, is there any way to increase such setting with more than 1 week? I'm getting a lot of complains about users saying that " they don't want to login to the Wi-Fi because they don't do it at home". Thanks a lot for your help. Kind regards,

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sessions Expires (AP50)

Dear all,

While configuring UTM and AP50, I came to this following setting: Sessions Expires. The minimum can be set at 2 hours while the maximum at 1 week. I was wondering, first:

What is the purpose, in terms of security, of such setting. "Everybody" says "it's useful for security reasons". What are those security reasons ? The main reason we activated such option is to avoid the session cookie to be stolen. Re-authentication will create a new session cookie.
Secondly, is there any way to increase such setting with more than 1 week? I'm getting a lot of complains about users saying that " they don't want to login to the Wi-Fi because they don't do it at home".

Thanks a lot for your help.

Kind regards,

This thread was automatically locked due to age.

0 BAlfson over 8 years ago

Hi, and welcome to the UTM Community!

What is the justification for using a Hotspot? If this is for an employee WLAN, why not do without the Hotspot and configure the Wireless Network as "WPA2 Enterprise?"

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 LucaGobbo over 8 years ago in reply to BAlfson

Hi,

thank you for your feedback.

We would like to have a double security, in order to have an (1) encrypted connection to the AP as well as (2) an authentication through LDAP.

So an employee would connect to the AP and then authenticate to the network.

Kind regards,
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 8 years ago in reply to LucaGobbo

With WPA2 Enterprise, the device can't connect unless it authenticates via RADIUS. It's either that or the employees will have to put up with signing in once a week.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel