FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ymorohashi
Staff
Staff

Description

 

From the FortiOS Handbook, zero value is described as below:
'An idle timeout has been added for FortiGate console sessions (admin sessions connecting to a FortiGate console port or USB port).
By default the console timeout is set to 0 and console sessions will never timeout'.
 
The FortiGate CLI offers additional explanations:
'Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout'.

So the console session can still be disconnected even if configuring 'admin-console-timeout 0'.
The value of '0'  will make FortiGate consider the 'admintimeout' setting.


Solution

 

The expected behavior is as follows.  Firstly, '0' means "admin-console-timeout" is not enabled.  In this case, 'admintimeout' is used as console session idle timer. 
 
In the following configuration:

    FortiGate # config system global
    FortiGate (global) # show full-configuration | grep timeout
        set admin-console-timeout 0
        set admintimeout 1
        set device-idle-timeout 300
        set proxy-auth-timeout 300
        set ldapconntimeout 500
        set remoteauthtimeout 5

    FortiGate (global) #
'admin-console-timeout' is 0.  admintimeout is configured as 1 min.
So the console session will be disconnected after 1 minunte of idle time as admintimeout.

'admin-console-timeout' is allowed to be configured in the range of 15-300 seconds from the CLI.

    FortiGate # config system global
    FortiGate (global) # show full-configuration | grep timeout
        set admin-console-timeout 20
        set admintimeout 1
        set explicit-proxy-auth-timeout 300
        set ldapconntimeout 500
        set remoteauthtimeout 5

    FortiGate (global) #

'admin-console-timeout' is configured as 20 sec in this example.
The console session idle timer is overwritten from 'admintimeout 1 (min)' to 20 sec.
 

admin-console-timeout >> Enter an integer value from <15> to <300> or (special = <0>). SECONDS.

 

This is intended to lower the timeout for a console session to a matter of seconds.

But to have a longer time while the session is active, this setting should be disabled (0), and the duration in this case will be given by the admintimeout value in minutes
admintimeout -> Enter an integer value from <1> to <480> (default = <5>).

MINUTES.

 

Values minutes/seconds are described here:

https://docs.fortinet.com/document/fortigate/6.2.1/cli-reference/1620/system-global

Contributors