Configuring an automatic logout for idle sessions - TMSH


A session lock is a temporary network device- or administrator-initiated action taken when the administrator stops work but does not log out of the network device. Rather than relying on the user to manually lock their management session prior to vacating the vicinity, network devices need to be able to identify when a management session has idled and take action to initiate the session lock. Once invoked, the session lock shall remain in place until the administrator re-authenticates. No other system activity aside from re-authentication shall unlock the management session.


To configure an automatic logout for tmsh idle sessions, perform the following procedure:

1. Log in to tmsh by typing the following command:

2. To configure an automatic logout idle time for tmsh sessions, use the following command syntax:
modify /cli global-settings idle-timeout <minutes>

3. For example, to configure a 15-minute automatic logout idle time, type the following command:
modify /cli global-settings idle-timeout 15

4. Save the change by typing the following command:
save /sys config

See Also

Item Details


References: 800-53|AC-11a., CAT|II, CCI|CCI-000057, Rule-ID|SV-74523r2_rule, STIG-ID|F5BI-DM-000007, Vuln-ID|V-60093

Plugin: F5

Control ID: 16dd536201283417ccf0a111a98c9dff951c5d459aed162e99172f95b008ed59