Skip to main content
lucadd
lucadd
New Member
November 20, 2019
Question

SSL Portal - Time to type FortiToken too short

  • November 20, 2019
  • 1 reply
  • 3209 views

Hello, we use a ssl portal with a FortiToken provisioned by a FortiAuthenticator (as a Radius server in the FG). During the login form, just appear the request of the token, it disappear after few seconds and the user see an Error: Permission denied. The same system is used for login to administration mgmnt of the firewall and in this case working fine, the token request form it's show for some minutes.

 

The problem happen only in this device (FG 100D, 6.2 firmware).

 

I have checked some timeout settings but there are in default time..as for other units.

 

During the diagnose debug, when appear the form to put the token, the log will blocked in fam_auth_send_req:583 with server blacklist:.

 

After few second the fill disappear and in the log see: fam_auth_send_req_internal:461 fnbam_auth return: 4

and the user see "Error: Permission denied."

diagnose debug application sslvpn -1
diagnose debug enable

    1 reply

    Philippe_Gagne
    Philippe_Gagne
    New Member
    November 20, 2019

    Hello,

     

    I got the same issue with Microsoft MFA with SSLVPN Login. I had to change the "remoteauthtimeout" value

     

    config system global

    set remoteauthtimeout 30

    end

     

    30 seconds is the value recommended by Microsoft, but for FortiToken, may 10 to 15 seconds should be enough.

     

    Regards,

     

    Philippe

     

    lucadd
    lucaddAuthor
    New Member
    November 20, 2019

    Hello Philippe, very good!

    Now work. I have configured 20 sec in test and could be fine also in production.

     

    Have a nice day.

    Thx,

    Terms & ConditionsAccessibility statement