One of the requirements for getting PCI accreditation is:
"Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity" - PCI V3 requirement 12.3.8
In effect, PCI requires that remote VPN sessions must time out after a period of inactivity: fifteen minutes, we've been told. I know that this timeout can be set at the client end for some of the VPN clients (e.g. the IPsec VPN client), but is there a type of VPN client where the timeout can be set at the UTM end, in WebAdmin? I can't see anything, but I may just have missed the blindingly obvious...
I don't think the auditors are going to be happy with a setting that can be changed by the users: if there's no solution to this issue (which is going to affect anyone who needs PCI accreditation) we'll have to look at using a different solution for our remote users.
Any help/advice that anyone can give will be much appreciated.