FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
caunon
Staff
Staff
Article Id 190256

Description

This article describes how to calculate 'Authentication Refresh' count-down number which shows under the Authentication Keep-alive page of FortiGate.


Scope

FortiGate.

Solution

To understand where the 'Authentication Refresh' count-down number comes from and know how to calculate it to display as requested.

 

Make sure that the authentication keep-alive page is enabled.

 

How to check if the authentication keep-alive page is enabled/disable

With the following CLI commands:

 

# config system global
    set auth-keepalive enable      <----- Disable by default (set as enable for enabling authentication keep-alive page)
end

FortiGate with VDOM enabled:

 

# config global
# config system global

    set auth-keepalive enable      <----- Disable by default (set as enable for                                          enabling authentication keep-alive page)
end

For Checking/setting Authentication timeout using GUI:

 

a) For FortiGate without VDOM enabled:

Go to User & Device ( User&Authentication ) -> Authentication Settings -> Authentication Settings -> Authentication timeout :Z  minutes.(Z is the value of Authentication timeout.).


 
 
b) For FortiGate with VDOM enabled:
 
Choose the VDOM  to configure -> User&Device ( User&Authentication ) -> Authentication Settings -> Authentication Settings -> Authentication timeout :   Z  minutes.(Z is the value of Authentication timeout.).
 
 

For Checking/setting Authentication timeout using CLI:

 

a) FortiGate without VDOM enabled:

 

#config user setting

set auth-timeout 23               ---> Enter an integer value from <1>                                     to <1440> (default = <5> in minutes)

end

 

b) FortiGATE with VDOM enabled:

 

#config  vdom

edit  <vdom Name>

config  user setting

set auth-timeout 23       23      --->  Enter an integer value from <1> to <1440> (default = <5> in minutes)

end

end

 

How to calculate Authentication Refresh time as shown below snapshot A

Formula for authentication Refresh count-down number  =   Z x 20
 
For example:
Authentication timeout :   23  minutes.
Z = 23
So At 'Authentication Keep-alive' page -> 'Authentication Refresh count-down number
It will show  = Z x 20 = 23 x 20 = 460 seconds to count down.
 
 
Figure : Snapshot A

 

Reference Documents :

https://docs.fortinet.com/document/fortigate/6.4.4/cli-reference/508620/config-user-setting

 

Technical Tip: Authentication keep-alive page

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Authentication-keepalive-page/ta-p/196620

 

Technical Tip: Explanation of auth-timeout types for Firewall authentication users

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-auth-timeout-types-for-Fire...

Contributors