Ensure CLI session timeout is set to less than or equal to 10 minutes

Details

Set the CLI Session Timeout value for device management to 10 minutes or less to automatically close inactive sessions.

Rationale:

An unattended computer with an open administrative session to the device could allow an unauthorized user access to the firewall’s management interface

Solution

Run the following command to Configure the Inactivity Timeout for Command Line.
CLI:

Hostname> set inactivity-timeout 10

GUI:

Navigate to System Management > Session > Command Line Shell > Inactivity Timeout – Set to 10 or less

Default Value:

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/2828

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system CheckPoint.

References

800-53|AC-12
CSCv6|16.4

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles