FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
js2
Staff
Staff
Article Id 253022
Description

 

This article provides describes how to extend the captive portal timeout period for 30 days.

 

Scope

 

FortiGate v7.0 and v7.2.

 

Solution

 

By default, the captive portal auth timeout is set to 5 mins and can be extended for max of one day. In this case, the users are forced to re-authenticate every day.

 

# config user setting
    set auth-timeout 1 to 1440 (default = <5>)
end

 

To extend the timeout, it is possible to change the auth-timeout-type to hard-timeout and increase the auth timeout to 43200 in a user group. 

In this case, the timer configured in the group will take precedence.

 

# config user setting
    set auth-cert "Fortinet_Factory"
    set auth-on-demand always
    set auth-timeout 1
    set auth-timeout-type hard-timeout
end

 

# config user group
    edit "local"
        set authtimeout 43200
        set member "testa"
    next

 

it is possible to verify on the time left in GUI under the Firewall user monitor or using the below command:


# diag firewall auth list

10.102.0.2, testa
src_mac: 00:63:68:61:09:01
type: fw, id: 0, duration: 1135, idled: 6
expire: 2590866 <----- Timer gets reflected as per local group created.
flag(804): hard no_idle
packets: in 1640 out 758, bytes: in 1791859 out 99346
user_id: 16777222
group_id: 4
group_name: local

Contributors