2.5.2 Ensure Web session timeout is set to less than or equal to 10 minutes

Information

Set the WebUI Session Timeout value for device management to 10 minutes or less to automatically close inactive sessions.

Rationale:

An unattended computer with an open administrative session to the device could allow an unauthorized user access to the firewall's management interface

Solution

Run the following command to Configure the Inactivity Timeout for Web UI.
CLI:

Hostname> set web session-timeout 10

GUI:

Navigate to System Management > Session > Web UI > Inactivity Timeout - Set to 10 or less

Default Value:

10

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-12, CSCv6|16.4

Plugin: CheckPoint

Control ID: be86df2e1f4bb5ba3534fbba547cd1bf564bf971156851a3f443bf04585cd216