ssl VPN auth-timeout

Forum|Forum|4 years ago
June 10, 2021
4 replies
5405 views

I have a fortigate 6.0.9 that we use for SSL VPNs, I have set vpn ssl settings with the default auth-timeout 28800 seconds

in the logs I see that there are a lot of sessions with duration much longer than 28800 seconds and I can see SSL VPN tunnel down with reason auth timeout after more than 45000 seconds

is this a normal behaviour?

Thanks

6.0

FortiNitish

Staff

You can refer the below document for the auth timeout setting in fortigate

https://community.fortinet.com/t5/FortiGate/Technical-Tip-auth-timeout-setting-for-SSL-VPN/ta-p/220586

Toshi_Esumi

SuperUser

To me it's impossible unless it's a bug. The auth-timer is countdown timer starting with the setting. We set longer than 8h and it always lower than that because it's counting down. So never goes beyond the initial value.

xxxxx-fg2 (corp) # get vpn ssl monitor
SSL-VPN Login Users:
Index User Group Auth Type Timeout Auth-Timeout From HTTP in/out HTTPS in/out Two-factor Auth
0 xxxxxx a-user-g 2(1) 19882 19882 x.x.x.x 0/0 0/0 0
2 yyyyyy a-user-g 2(1) 28793 29736 y.y.y.y 0/0 0/0 0

0 xxxxxx a-user-g 2(1) 19837 19837 x.x.x.x 0/0 0/0 0
2 yyyyyy a-user-g 2(1) 28794 29691 y.y.y.y 0/0 0/0 0

Toshi

smayank

Staff

Hello

Idle Timeout: The idle-timeout is period of time in seconds that the SSL VPN will wait before timing out.

Auth-Timeout : The auth-timeout is period of time in seconds that the SSL VPN will wait before re-authentication is enforced.
So this issue is there in some ols versions, from 7.0.8 it is fixed.

Thanks & Regards
Mayank Sharma

mgoswami

Staff

Hi,

May I know if you have tested this from any other Forticlient version?

BR,

Manosh

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded