RADIUS Time-Out

Forum|Forum|15 years ago
May 2, 2011
3 replies
12343 views

Hello, We have Forti 100a firewalls that we need to setup for RADIUS authentication. Everything is working except we need the firewall to allow 30-45 seconds for the PhoneFactor RADIUS to complete the call. When logging in remotely, the call comes from PhoneFactor almost immmediately. The problem is the firewall denies the login before we can answer the phone on the 1st ring and press the pound key. PhoneFactor support said we need 30-45 seconds to authenticate. I dont see anything on the RADIUS setup on the Forti. Is there another screen or something in the CLI that needs to be setup? Thanks in advance! Current firmware: v4.0,build0272,100331 (MR2)

Carl_Wallmark

New Member

Hi, and welcome, Take a look at this: remoteauthtimeout <timeout_sec> The number of seconds that the FortiGate unit waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. The range is 0 to 300 seconds, 0 means no timeout. To improve security keep the remote authentication timeout at the default value of 5 seconds. However, if a RADIUS request needs to traverse multiple hops or several RADIUS requests are made, the default timeout of 5 seconds may not be long enough to receive a response. -------------------------------------------------------------------------- In CLI: config system global set remoteauthtimeout 30 end

A

Anonymous_UserAuthor

Contributor

Perfect!!!! Thanks so much for the solution!!!

Carl_Wallmark

New Member

Glad i could help