|
|
|
|
|
The Home Page displays a few extra sections for administrators, including configuration hints, and a summary of currently active sessions. Within active sessions, you can view lists of currently signed on users, and lists of locked out users. This information is organization wide for regular administrators, and system wide for sysadmins.
Administrators of new organizations are shown several suggested configuration tasks to perform, including adding users and configuring access rules. These are items generally necessary for correct operation of a DMZ organization. Links are provided to take the administrator directly to the referenced pages.
For SysAdmins of new DMZ installations, several system configuration hints are shown on the home page. These are items generally necessary for correct operation of a DMZ system. As with regular administrator hints, links are provided to take the SysAdmin directly to the referenced pages.
Configuration hints may also be shown for administrators of existing organizations, if a specific configuration item may require their attention. For example, if an organization's user count is approaching the Maximum User List Count value, administrators will receive a configuration hint regarding this, informing them that they may experience a change in behavior.
Another example is if an organization's user count is approaching the Maximum User Count value (within 10% of the configured maximum), administrators will receive a configuration hint regarding this.
The Session Summary section shows the number of active sessions by interface type, which is the interface to which the user is connected, such as Web, FTP, SSH). The summary also shows the number of unique users connected to the various interfaces, and the total number of current sessions.
Clicking the 'Session Manager' link shows the Active Sessions section.
The Active Sessions section displays a list of currently signed on users. Information such as IP address, interface type, and time of last action are included in the list. Organization administrators see a list of all signed on users in their organization, while for sysadmins, the list includes all users throughout the entire DMZ system that are currently signed on. On web farm systems, the node number the user is signed on to is also displayed.
In the event of a large number of active sessions entries being present, the list will be limited to 1,000 entries for performance reasons. If this limit is reached, a note will be displayed indicating this fact.
The "timeout" listed indicates how many minutes are left before the session will expire. This value is the number of minutes an inactive session times out after (by default 20 minutes) minus the number of minutes it has been since the session was last active. Almost all sessions should use the same timeout value except for active file transfer sessions, which usually enjoy a longer session timeout.
Individual sessions can be removed by clicking the Remove link in the Actions column and clicking Yes on the following confirmation page. All the current sessions can be removed at once by clicking the Remove All Sessions link at the bottom of the session list (this action will also require confirmation). Be aware that it is possible for the current user to remove their own session, either by clicking the Remove link for their session, or by clicking the Remove All Sessions link. If this is done, the current user will be returned to the signon screen immediately following the action.
The Locked Out Users section displays a list of currently locked out users. These are users who have attempted and failed to sign on to the system too many times in too short a timespan. (These values are controlled in the Username Lockouts settings page.) The time of their lockout is shown, along with links to unlock the account, delete the account, or unlock all locked out users. Also, if lockout expirations are configured, a message informing you of the lockout expiration setting is shown. As with the Active Sessions section, an organization administrator sees a list of all locked out users in their organization, while a sysadmin sees a list of all locked out users on the system.
