Smart Card Removal Detection

We recommend that you configure Remote Access Clients to disconnect a user session when the user removes the smart card from the reader, or disconnects the card reader from its USB port. The system shows the message:

VPN tunnel has disconnected. Smart card was removed.

To enable Smart Card removal detection:

1. Edit the $FWDIR/conf/trac_client_1.ttm file on the Security Gateway.

2. Locate the :disconnect_on_smartcard_removal line:

   :disconnect_on_smartcard_removal (

   :gateway (

   :default (VALUE)

   )

   )

3. Change the :default value as required:

   • true - Enables smart card removal detection for all connections to the current gateway.

   • false - Disables smart card removal detection for all connections to the current gateway.

   • client_decide - Enables or disables smart card removal detection individually for each client.

4. Save the file.

5. Install the policy.

   When clients download the new policy from the Security Gateway, configuration changes are applied.