Client Auth - Limits

What can I do here?

Use this window to set:

Client authentication timeout
Permitted number of Client Authentication sessions.

Getting Here - Security Policies > Access Control > Policy > Action column > More > In the actions settings window select Client Auth > click pencil icon > Limits

Note - The Client Auth option is available for layers that only have the firewall blade enabled.

Client Authentication - Limit Options

Authorization Timeout

The Authorization Timeout specifies the length of time after the client is authenticated, during which the specified service will be available to all sessions from the source IP address specified under Source in the relevant rule in the Rule Base.

Indefinite means that either the user must explicitly sign off, or the Check Point Security Gateway administrator must stop and start the Security Gateway in order for the user to no longer be permitted.
Hours and Minutes allows a time limited authorization timeout to be defined.
Refreshable Timeout means the Authorization Timeout period is reset with every new connection authorized by the rule.

Number of Sessions Allowed

Number of Sessions Allowed refers to the number of individual connections the user is allowed to make through the firewall before the authentication expires.

Infinite does not restrict the number of sessions.

Note - With HTTP (or any service that makes many individual connections), the default five connections are quickly used.