FortiGate
nithincs
Staff
Article Id 193705

Description

 

This article describes the available options and explains how the user 'authtimeout' is actually enforced.

There are many places in the configuration to set 'authtimeout'.

Solution

 

The value that is actually applied is chosen according to the hierarchical rules outlined below.

'authtimeout' values are selected in the following order.

 

  1. User.     <----- Highest level.

  2. User group.

  3. User setting.

By default, the user and user group 'authtimeout' values are 0, so the user setting 'authtimeout' value takes precedence.

When 'authtimeout' is configured, upper levels override lower levels.


The 'authtimeout' value is in minutes.


Sample configurations.

 

  1. To apply a specific timeout value to one user, set 'authtimeout' at the user level.

    config user local
        edit <username>
            set authtimeout xx                     <----- Integer value from <0> to <1440>.
    end

 

With this setting, the user's authentication times out after xx minutes, depending on 'auth-timeout-type'.

  2. To apply a specific timeout value to a user group, set 'authtimeout' at the user group level.

    config user group
        edit <user group name>
            set authtimeout xx                       <----- Integer value from <0> to <1440>.
    end

With this setting, authentication for users belonging to that user group times out after xx minutes, depending on 'auth-timeout-type'.

  3. If 'authtimeout' is not set at the user or user group level, the 'authtimeout' value in the user setting is applied to all users.

    config user setting
        set authtimeout xx                               <----- Integer value from <0> to <1440>.
    end
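
The following is an added example, not part of the original article and not Fortinet code: a small Python audit helper that reads configuration text and applies the user > user group > user setting order described above, treating 0 or a missing value as "not set". The sample configuration, the names in it, and the `group` argument (the group the user authenticated through, supplied by the caller) are assumptions.

```python
import re

# Constructed sample in FortiOS CLI syntax; names and values are made up.
SAMPLE_CONFIG = """
config user setting
    set authtimeout 5
end
config user local
    edit "alice"
        set authtimeout 30
    next
end
config user group
    edit "vpn-users"
        set authtimeout 60
    next
end
"""
SECTIONS = ("user setting", "user local", "user group")

def parse_authtimeouts(text):
    """Return {section: {entry: minutes}}; 'user setting' has the single key None."""
    found = {s: {} for s in SECTIONS}
    stack, entry = [], None  # stack of open 'config' blocks, current 'edit' name
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            stack.append(line[len("config "):])
            if len(stack) == 1:
                entry = None  # a new top-level block never inherits an entry
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif len(stack) == 1 and stack[0] in found:
            m = re.fullmatch(r"set authtimeout (\d+)", line)
            if m:
                found[stack[0]][entry] = int(m.group(1))
    return found

def effective_authtimeout(found, user, group):
    """Apply user > user group > user setting; 0 or absent means 'not set'."""
    for level, section, name in (("user", "user local", user),
                                 ("user group", "user group", group)):
        minutes = found[section].get(name, 0)
        if minutes:
            return level, minutes
    # None here means the global value is not in this text (firmware default applies).
    return "user setting", found["user setting"].get(None)
```

Run it over a configuration backup to see which level supplies each account's timeout; a user-level or group-level value far above the global one is worth reviewing.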

 

Related Article:

Technical Tip: Change session ttl on firewall policy