Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ymorohashi
Staff
Staff

Created on ‎07-01-2015 07:42 PM Edited on ‎03-25-2022 09:53 AM By Anonymous

Technical Tip : What is the meaning of 'admin-console-timeout 0'

Description

 

From the FortiOS Handbook, zero value is described as below:
'An idle timeout has been added for FortiGate console sessions (admin sessions connecting to a FortiGate console port or USB port).
By default the console timeout is set to 0 and console sessions will never timeout'.
 
The FortiGate CLI offers additional explanations:
'Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout'.

So the console session can still be disconnected even if configuring 'admin-console-timeout 0'.
The value of '0'  will make FortiGate consider the 'admintimeout' setting.


Solution

 

The expected behavior is as follows.  Firstly, '0' means "admin-console-timeout" is not enabled.  In this case, 'admintimeout' is used as console session idle timer. 
 
In the following configuration:
    FortiGate # config system global
    FortiGate (global) # show full-configuration | grep timeout
        set admin-console-timeout 0
        set admintimeout 1
        set device-idle-timeout 300
        set proxy-auth-timeout 300
        set ldapconntimeout 500
        set remoteauthtimeout 5

    FortiGate (global) #
'admin-console-timeout' is 0.  admintimeout is configured as 1 min.
So the console session will be disconnected after 1 minunte of idle time as admintimeout.

'admin-console-timeout' is allowed to be configured in the range of 15-300 seconds from the CLI.
    FortiGate # config system global
    FortiGate (global) # show full-configuration | grep timeout
        set admin-console-timeout 20
        set admintimeout 1
        set explicit-proxy-auth-timeout 300
        set ldapconntimeout 500
        set remoteauthtimeout 5

    FortiGate (global) #

'admin-console-timeout' is configured as 20 sec in this example.
The console session idle timer is overwritten from 'admintimeout 1 (min)' to 20 sec.
 

admin-console-timeout >> Enter an integer value from <15> to <300> or (special = <0>). SECONDS.

 

This is intended to lower the timeout for a console session to a matter of seconds.

But to have a longer time while the session is active, this setting should be disabled (0), and the duration in this case will be given by the admintimeout value in minutes
admintimeout -> Enter an integer value from <1> to <480> (default = <5>).

MINUTES.

 

Values minutes/seconds are described here:

https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/1620/system-global

Labels:
16148
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.