FortiGate
dsharma
Staff
Article Id 191177

Description

 

This article provides instructions on how to de-authenticate users currently authenticated on a FortiGate using CLI or GUI.  

Scope

 
FortiGate and FortiProxy.


Solution

 

  1. Via CLI: This is done in the VDOM where the user was authenticated.

FSSO:
 
diagnose debug authd fsso list <----- Find the username to de-authenticate. This username is used to define the filter.
diagnose debug authd fsso filter user <USERNAME>
diagnose debug authd fsso clear-logons <----- De-authenticate the filtered user.
diagnose debug authd fsso filter clear <----- Clear the filter.
 
Kerberos User (only available in 5.4 or above):
 
diagnose wad user list <----- Find the username to de-authenticate.
diagnose wad user clear <ID> <IP> <VDOM> <----- Use this command to de-authenticate the user.
 
Other:
 
diagnose firewall auth list <----- Find the username to de-authenticate. This username is used to define the filter.
diagnose firewall auth filter user <USERNAME>
diagnose firewall auth clear <----- De-authenticate the filtered user.
diagnose firewall auth filter clear <----- Clear the filter.
 
  2. Via GUI: For FortiOS versions up to v6.2.x: Log in to the FortiGate GUI and go to Monitor -> Firewall User Monitor. Select the concerned user and select the 'De-authenticate' button.
 
 
From FortiOS v6.4 to v7.6+: The Firewall User Monitor can be added to the FortiGate GUI Dashboard. It opens the page that lists the active authenticated users, where they can be deauthenticated.
 
 

To view users who have logged in using FSSO authentication, enable 'Show all FSSO Logons' in the top right corner.

 

To view firewall users, disable 'Show all FSSO Logons' in the top right corner.

 


 

Either left-click the username and then press 'Deauthenticate', or right-click the user and select 'Deauthenticate'.
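
For scripted use of the CLI sequence in step 1 (for example from an incident-response playbook), the following added example, which is not Fortinet code, builds the FSSO and firewall-auth command lines for one user so that the clear command is never emitted without a user filter in front of it. The function name, the family labels and the allowed username and VDOM character sets are assumptions of this example.

```python
import re

# Command prefixes taken from the article; the dict keys are labels chosen for this example.
FAMILIES = {
    "fsso": ("diagnose debug authd fsso", "clear-logons"),
    "firewall": ("diagnose firewall auth", "clear"),
}

# Assumption: usernames use only these characters (DOMAIN\user and user@domain allowed).
# Spaces, quotes and newlines are rejected so that a value taken from a ticket or
# alert cannot add a second CLI line to the session.
_SAFE_NAME = re.compile(r"[A-Za-z0-9._@\\-]{1,64}")
_SAFE_VDOM = re.compile(r"[A-Za-z0-9_-]{1,31}")


def deauth_commands(family, username, vdom=None):
    """Return the ordered CLI lines that de-authenticate exactly one user."""
    if family not in FAMILIES:
        raise ValueError(f"unknown family: {family!r}")
    if not isinstance(username, str) or not _SAFE_NAME.fullmatch(username):
        raise ValueError("username is empty or contains unsafe characters")
    if vdom is not None and not _SAFE_VDOM.fullmatch(vdom):
        raise ValueError("VDOM name contains unsafe characters")

    base, clear = FAMILIES[family]
    lines = []
    if vdom is not None:
        # Enter the VDOM where the user was authenticated.
        lines += ["config vdom", f"edit {vdom}"]
    lines += [
        f"{base} filter clear",            # start from an empty filter
        f"{base} filter user {username}",  # scope everything below to one user
        f"{base} list",                    # record what is about to be cleared
        f"{base} {clear}",                 # de-authenticate the filtered user
        f"{base} filter clear",            # leave no filter behind
    ]
    if vdom is not None:
        lines.append("end")
    return lines


if __name__ == "__main__":
    # Constructed sample values.
    print("\n".join(deauth_commands("firewall", "jdoe", vdom="root")))
```
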

 
