FortiGate
Article Id 262489
js2 (Staff)

Description

This article describes an issue where a firewall user authentication entry is removed before the configured authentication timeout expires.

Scope

FortiGate.

 

Solution

This article assumes the timeout type is set to hard-timeout and the group authtimeout value is set to 30 days.

Based on the timeout type, the user entry should only be removed after the configured auth-timeout value is reached. However, in some cases the auth entry is removed after 12 hours.

Verify this using the command 'diag firewall auth list' or by navigating to the firewall user monitor in the dashboard.

 

Configuration:

config user setting
    set auth-timeout-type hard-timeout
    set auth-timeout 1 to 10080 (current maximum value 1440)
end

config user group
    edit "LDAP"
        set group-type firewall
        set authtimeout 43200 (maximum value, 30 days, set for the group)
        set member "LDAP"
    next
end

 

The auth session is removed when the FortiGate processes a DHCP lease for the authenticated client. In this case, the DHCP lease-time was 43200 seconds, which means a renewal occurs every 12 hours, and the auth entry is removed at each renewal. Note that the group authtimeout is configured in minutes while the DHCP lease-time is configured in seconds, so the two identical-looking values of 43200 correspond to 30 days and 12 hours respectively.

The solution is to increase the DHCP lease time as required.

A valid example value is a lease-time of 2592000 seconds, which renews the DHCP lease every 30 days, matching the 30-day authtimeout.
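As an added example (not from the article or from Fortinet), the following Python check parses a constructed FortiOS config excerpt and flags any firewall user group whose hard authtimeout (minutes) outlasts a DHCP server lease-time (seconds), which is the mismatch described above. The 'config system dhcp server' / 'set lease-time' keywords are the standard FortiOS DHCP server CLI and are assumed here; the sample values are constructed to mirror the article.

```python
import re

# Constructed FortiOS config excerpt (not from the article's device) mirroring its
# values: the group authtimeout 43200 is in MINUTES (30 days), while the DHCP
# lease-time 43200 is in SECONDS (12 hours). DHCP server CLI keywords are assumed.
SAMPLE_CONFIG = """config system dhcp server
    edit 1
        set lease-time 43200
    next
end
config user group
    edit "LDAP"
        set group-type firewall
        set authtimeout 43200
        set member "LDAP"
    next
end
"""


def parse_entries(config, section):
    """Return one dict of 'set' key/values per 'edit' entry in a config section."""
    block = re.search(rf"^config {re.escape(section)}\n(.*?)^end$", config, re.S | re.M)
    if not block:
        return []
    entries = []
    for edit in re.finditer(r"^\s*edit (\S+)\n(.*?)^\s*next$", block.group(1), re.S | re.M):
        settings = dict(re.findall(r"^\s*set (\S+) (.+)$", edit.group(2), re.M))
        settings["_name"] = edit.group(1).strip('"')
        entries.append(settings)
    return entries


def find_lease_conflicts(config):
    """List (group, authtimeout_min, dhcp_server_id, lease_s) wherever a DHCP lease
    would renew before a firewall group's hard auth timeout expires."""
    leases = [(e["_name"], int(e["lease-time"]))
              for e in parse_entries(config, "system dhcp server") if "lease-time" in e]
    conflicts = []
    for grp in parse_entries(config, "user group"):
        if grp.get("group-type") != "firewall" or "authtimeout" not in grp:
            continue
        auth_seconds = int(grp["authtimeout"]) * 60  # authtimeout is in minutes
        for dhcp_id, lease_s in leases:
            if lease_s < auth_seconds:  # renewal fires first and drops the auth entry
                conflicts.append((grp["_name"], int(grp["authtimeout"]), dhcp_id, lease_s))
    return conflicts
```

Running find_lease_conflicts(SAMPLE_CONFIG) reports the LDAP group against DHCP server 1; raising lease-time to 2592000 as the article recommends clears the report.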
