Technical Tip: FSSO in polling mode - Avoiding user timeout after 8 hours
Description
With the default settings, FSSO users can lose internet access and get unauthenticated after a while because of default settings.
These timers, however, can be tweaked.
Note that this does not affect the use of the Collector Agent (Agent based FSSO), but only the FortiGate integrated FSSO polling.
This article describes how to change the authentication time for FSSO.
Related links:
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-authentication/SSO-WindowsAD.htm
https://docs.fortinet.com/document/fortigate/6.4.1/cli-reference/501620/user-fsso-polling
Scope
FortiGate in polling mode.
Solution
To change the authentication time for FSSO, change the logon-history to longer time.
- It can be set up to 48 hours.
- It can also be configured as 0 which results in not timeout at all.
With the default settings, FSSO users can lose internet access and get unauthenticated after a while because of default settings.
These timers, however, can be tweaked.
Note that this does not affect the use of the Collector Agent (Agent based FSSO), but only the FortiGate integrated FSSO polling.
This article describes how to change the authentication time for FSSO.
Related links:
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-authentication/SSO-WindowsAD.htm
https://docs.fortinet.com/document/fortigate/6.4.1/cli-reference/501620/user-fsso-polling
Scope
FortiGate in polling mode.
Solution
To change the authentication time for FSSO, change the logon-history to longer time.
# config user fsso-polling- The default setting is for 8 hours.
edit 1
set logon-history <int> (0-48)
next
end
- It can be set up to 48 hours.
- It can also be configured as 0 which results in not timeout at all.
Related Articles