FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 197472



This article describes how to set the time before an idle SSH session times, thus forcing the administrator to retry the login to the unit.
In older FortiGate versions this was helpful to speed-up the timeout when a wrong username has been entered.
The prompt would not include the username, only the password, so that needed to re-establish the session, or wait for it to timeout.
The newer FortiOS versions prompt for the username as well in case of invalid credentials, but this timer is still useful to allow the users more time to input the credetials.



This controls the amount of inactive time before the administrator must authenticate to the FortiGate after connection is established.
The range can be between 10 and 3600 seconds.
Per documentation:
'Maximum time in seconds permitted between making an SSH connection to the FortiGate and authenticating (10 - 3600 sec (1 hour), default 120)'.

This is how to configure it:

# config system global
   set admin-ssh-grace-time <number_of_seconds> (default: 120s)