Hi,
I've tried to address these before in the past, but it's all popping up again so I'm hoping there may be some new information.
We're running a 90D with FW 5.2.7 and about 50 local users that are prompted to log in every morning and every afternoon for UTM policies.
First, every now and then (on a fairly common basis), DHCP clients can't get through the FGT to get to the login screen. They are able to receive email, so POP/SMTP traffic is live, but the Web filtering won't kick in. No matter what site I try to send them to, they get "no internet access", "not connected to a network", etc type errors. Two things that have seemed to help are logging into the mgmt console of the router from their browser to force traffic through, and then the login screen will show, or setting a static IP under a policy to bypass login altogether, in which case they get internet access but are not logged anywhere in the FGT as a user. I did speak w/FGT techs about this a couple of years ago, and was told (like usual) that it's a MSFT issue, not theirs.
The second issue has to do with authtimeout for the users that do get through. How come the max is still 8 hours (480 minutes)? We work from 8 to 5 with a one hour lunch break. I'd love to have a 9 hour lease so they are forced to log in once in the morning and are good for the day after that, but with an 8 hour max they have to be prompted twice per day. And depending on when their AM login was, the PM login sometimes pops up in the middle of their work and boots them out of database sessions, etc. Anyone know of a workaround, or if Fortinet has ever considered changing the max ttl?
We have had these issues off and on since 4 MR3, so unless there's something new that addresses it, the Fortigate "Update to the latest FW and all your problems will go away" doesn't hold true.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.