Description
This article describes what is the meaning of 'admin-console-timeout 0'.
From the FortiOS Handbook, zero value is described as below:
'An idle timeout has been added for FortiGate console sessions (admin sessions connecting to a FortiGate console port or USB port).
By default the console timeout is set to 0 and console sessions will never timeout'.
The FortiGate CLI offers additional explanations:
'Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout'.
So the console session can still be disconnected even if configuring 'admin-console-timeout 0'.
The value of '0' will make FortiGate consider the 'admintimeout' setting.
Scope
FortiGate
Solution
The expected behavior is as follows. Firstly, value '0' set for 'admin-console-timeout' means that the console timeout is not enabled.
In this case, 'admintimeout' is used as a console session idle timer.
Example 1:
config system global
FortiGate (global) # show full-configuration | grep timeout
set admin-console-timeout 0 -> This counter is in seconds.
set admintimeout 1 -> This counter is in minutes.
set device-idle-timeout 300 -> This counter is in seconds.
set proxy-auth-timeout 300 -> This counter is in minutes.
set ldapconntimeout 500 -> This counter is in seconds.
set remoteauthtimeout 5 -> This counter is in seconds.
Example:
'admin-console-timeout' is set as 0 s.
'admintimeout' is set as 1 min.
So the console session (0=not set) will be disconnected after 1 minute of idle time, following admintimeout.
'admin-console-timeout' is allowed to be configured in the range of 15-300 seconds from the CLI.
Example 2:
config system global
FortiGate (global) # show full-configuration | grep timeout
set admin-console-timeout 20
set admintimeout 1
set explicit-proxy-auth-timeout 300
set ldapconntimeout 500
set remoteauthtimeout 5
'admin-console-timeout' is configured as 20 seconds in this example.
The console session idle timer is overwritten from 'admintimeout 1 (min)' to 20 sec.
This is intended to lower the timeout for a console session to a matter of seconds.
To extend the session duration past the maximum configurable value of 300, then this setting should be disabled (0), and the duration in this case will be given by the admintimeout value, in minutes.
admintimeout -> Enter an integer value from <1> to <480> (default = <5>). -> This counter is in minutes.
Values minutes/seconds are described here:
Configure global attributes