Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
caunon
Staff
Staff

Created on ‎03-30-2021 09:07 AM Edited on ‎04-18-2022 09:14 AM By Anonymous

Article Id 190256

Technical Tip: How to calculate 'Authentication Refresh' count-down number of FortiGate's' 'Authentication Keepalive' page

Description

This article describes how to calculate 'Authentication Refresh' count-down number which shows under the Authentication Keep-alive page of FortiGate.


Scope

FortiGate.

Solution

To understand where the 'Authentication Refresh' count-down number comes from and know how to calculate it to display as requested.

 

Make sure that the authentication keep-alive page is enabled.

 

How to check if the authentication keep-alive page is enabled/disable

With the following CLI commands:

 

# config system global
    set auth-keepalive enable      <----- Disable by default (set as enable for enabling authentication keep-alive page)
end

FortiGate with VDOM enabled:

 

# config global
# config system global
    set auth-keepalive enable      <----- Disable by default (set as enable for                                          enabling authentication keep-alive page)
end

For Checking/setting Authentication timeout using GUI:

 

a) For FortiGate without VDOM enabled:

Go to User & Device ( User&Authentication ) -> Authentication Settings -> Authentication Settings -> Authentication timeout :Z  minutes.(Z is the value of Authentication timeout.).


 
 
b) For FortiGate with VDOM enabled:
 
Choose the VDOM  to configure -> User&Device ( User&Authentication ) -> Authentication Settings -> Authentication Settings -> Authentication timeout :   Z  minutes.(Z is the value of Authentication timeout.).
 
 

For Checking/setting Authentication timeout using CLI:

 

a) FortiGate without VDOM enabled:

 

#config user setting

set auth-timeout 23               ---> Enter an integer value from <1>                                     to <1440> (default = <5> in minutes)

end

 

b) FortiGATE with VDOM enabled:

 

#config  vdom

edit  <vdom Name>

config  user setting

set auth-timeout 23       23      --->  Enter an integer value from <1> to <1440> (default = <5> in minutes)

end

end

 

How to calculate Authentication Refresh time as shown below snapshot A

Formula for authentication Refresh count-down number  =   Z x 20
 
For example:
Authentication timeout :   23  minutes.
Z = 23
So At 'Authentication Keep-alive' page -> 'Authentication Refresh count-down number
It will show  = Z x 20 = 23 x 20 = 460 seconds to count down.
 
 
Figure : Snapshot A

 

Reference Documents :

https://docs.fortinet.com/document/fortigate/6.4.4/cli-reference/508620/config-user-setting

 

Technical Tip: Authentication keep-alive page

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Authentication-keepalive-page/ta-p/196620

 

Technical Tip: Explanation of auth-timeout types for Firewall authentication users

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-auth-timeout-types-for-Fire...

2857
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.