Skip to main content
jseeley
jseeley
New Member
August 3, 2021
Question

FortiClient Auth Timeout

  • August 3, 2021
  • 2 replies
  • 3665 views

Hello,

 

Our FortiClient SSL VPN users connect using a username and password with a push prompt for MFA using Cisco Duo. The FortiGate has a RADIUS connection to a server running Duo proxy. Everything works great until the auth timeout is reached. When the auth timeout is reached, users are prompted to accept the MFA/Duo push but they aren't asked to sign into the FortiClient again with their username and password. All the user has to do to stay connected is to accept the MFA push without having to re-enter their credentials. I want for the users to have to re-enter their credentials plus the MFA push, not just the MFA push.

 

Does anyone know why this is happening?

    2 replies

    dbhavsar
    Staff
    dbhavsar
    Staff
    September 20, 2023

    Hello @jseeley ,

    Please try increasing the remoteauthtimeout value to 120 and see if it works. That setting is under global. You can use following command:
    config sys global
    set remoteauthtimeout 120
    end

    test again if that helps.
    Reference articles:
    https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers/ta-p/191661
    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explaining-global-set-remoteauthtimeout-user/ta-p/229136

     

     

    hbac
    Staff
    hbac
    Staff
    September 21, 2023

    Hi @jseeley,

     

    What is the FortiClient version? Is it managed by FortiClient EMS? Do you have "Save Password" option enabled on FortiClient? https://docs.fortinet.com/document/forticlient/7.2.1/administration-guide/437773/save-password-auto-connect-and-always-up

     

    Regards, 

    Terms & ConditionsAccessibility statement