chrisn
New Member
November 19, 2018
Question

Authentication timeout setting


I recently upgraded my two FortiGate appliances from 5.4 to 5.6.6, and I'm trying to make the authentication timeout longer (User & Device -> Authentication Settings - Authentication Timeout). According to everything I can find, I should be able to set the timeout up to 4320 minutes (link to manual). However, whenever I try to change it to more than 1440 minutes, I get the error "Please enter a value less than or equal to 1440". This happens through both GUI and CLI. Is there something I am missing in the upgrade process?

 

Here is the output from the CLI interface:

HorstDenver50E # config user setting
 
HorstDenver50E (setting) # set auth-timeout 4320
The auth-timeout value 4320 must be in the range of 1-1440.
 
value parse error before '4320'
Command fail. Return code -61

2 replies

xsilver_FTNT
Staff
November 19, 2018

Hi,

That looks like a documentation bug. Thank you, I'll report it, as I haven't found it reported yet.

Because the CLI still shows the boundary up to 1440.

 

c2fgvm (setting) # set auth-timeout ?
auth-timeout    Enter an integer value from <1> to <1440> (default = <5>).

 

EDIT:

The limit actually exists, but in a slightly different part:

c2fgvm # con user group
c2fgvm (group) #
c2fgvm (group) # edit Alfa-Mans
c2fgvm (Alfa-Mans) # set authtimeout
authtimeout    Enter an integer value from <0> to <43200>.

Dave_Hall
New Member
November 19, 2018

Looks like in a different section of the 5.6 CLI Reference manual for the user settings, the max authentication timeout value is 1440.

chrisn
Author
New Member
November 19, 2018

So what about the following feature in this document listing new authentication features in FortiOS 5.6?

 

User authentication max timeout setting change (378085)

 

To accommodate wireless hotspot users authenticated on the FortiGate, the user authentication max timeout setting has been extended to three days (from one day, previously).

 

It's listed under "New authentication features added to FortiOS 5.6." Was it removed in later versions of 5.6? Or is it only supported on certain models? I have a FortiGate 50E & 60E.

 

Edit: Ok, I changed the timeout in the user group, and that appears to work. Fortunately I don't have many user groups so this is a viable option. However, there is no visibility through the GUI that there is a custom timeout specified for a certain group. It would be nice to have some indication in the GUI just to minimize possible future headaches if you forget exactly how things are configured.
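
The last post notes that a per-group timeout is not visible in the GUI. As an added example (not part of the thread, and not Fortinet's code), this Python script scans a saved configuration backup for user groups that override the global timeout. The sample backup is constructed, and treating `authtimeout 0` as "inherit the global value" is an assumption.

```python
import re

# Constructed sample backup; only the group name and the 1440/4320 values echo the thread.
SAMPLE_CONFIG = """\
config user setting
    set auth-timeout 1440
end
config user group
    edit "Alfa-Mans"
        set authtimeout 4320
        config match
            edit 1
                set server-name "ldap1"
            next
        end
    next
    edit "Staff"
    next
end
"""

def audit_auth_timeouts(config_text):
    """Return (global auth-timeout, {group: authtimeout override}) as configured."""
    global_timeout, overrides = 5, {}  # 5 is the default the CLI help shows
    section, group, depth = None, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section = line[len("config "):]
        elif line == "end":
            depth -= 1
        elif depth != 1:
            continue  # skip nested tables such as "config match"
        elif line.startswith("edit "):
            group = line[5:].strip('"')
        elif line == "next":
            group = None
        elif m := re.fullmatch(r"set (auth-?timeout) (\d+)", line):
            key, value = m.group(1), int(m.group(2))
            if section == "user setting" and key == "auth-timeout":
                global_timeout = value
            elif section == "user group" and key == "authtimeout" and group and value:
                overrides[group] = value  # assumption: 0 means "use the global value"
    return global_timeout, overrides

if __name__ == "__main__":
    print(audit_auth_timeouts(SAMPLE_CONFIG))
```

Running it against each backup and reviewing the returned overrides gives a record of which groups carry a longer session lifetime than the global setting.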