Skip to main content
dsharma
Staff
dsharma
Staff
December 3, 2014

Technical Tip: How to de-authenticate a specific authenticated user

  • December 3, 2014
  • 0 replies
  • 27390 views

Description

 

This article provides instructions on how to de-authenticate users currently authenticated on a FortiGate using CLI or GUI.  

Scope

 
FortiGate and FortiProxy.


Solution

 

  1. Via CLI: This is done in the VDOM where the user was authenticated.

FSSO:
 
diagnose debug authd fsso list <----- Find the username to de-authenticate. This username is used to define the filter.
diagnose debug auth fsso filter  user <----- USERNAME.
diagnose debug authd fsso  clear-logon <----- Clear the filter.
diagnose debug auth fsso filter clear <----- Kerberos User (only available in 5.4 or above).
diagnose wad user list <----- Find the username to de-authenticate
diagnose wad user clear <ID> <IP> <VDOM> <-----Use this command to de-authenticate the user other.
 
diagnose firewall auth list <----- Find the username de-authenticate.  This username is used to define the filter.
diagnose firewall auth filter user<----- USERNAME.
diagnose firewall auth clear <----- Clear the filter.
diagnose firewall auth filter clear
 
  1. Via GUI: For earlier FortiOS versions up to v6.2.x: Login to the FortiGate GUI and go to Monitor -> Firewall User Monitor. Select the concerned user and select the 'De-authenticate' button.
 
 
Starting FortiOS v6.4 to v7.6+: The Firewall User Monitor can be added to the FortiGate GUI Dashboard to access the page where the list of active authenticated users is visible and where it is possible to deauthenticate them.
 
FirewallUserMonitor.jpg
 

To view users who have logged in using FSSO authentication, enable the 'Show all FSSO Logons'.

 

                                                                                                Screenshot 2024-09-04 115520.png

 

 Enable 'Show all FSSO Logons' on the top right corner, to view FSSO login users.

 

                                                                   image (5) (1).png

 

To view firewall users, disable 'Show all FSSO Logons' in the top right corner.

 

FUM2.jpg

 

It is either possible to 'left-click' the username and then press 'Deauthenticate' or 'right-click' the user and select 'Deauthenticate'.

 

Deauthenticate.jpg
Terms & ConditionsAccessibility statement