Hi All,
I have the following situation: I configured a guest SSID with Disclaimer Only authentication. I would like to configure the session timeout to 3 hour, and the renewal frequency to 1 hour (after the session time out, the user can not authenticate to the ssid until 1 hour). Is it possible to configure that?
I tried to configure this field from FortiManager: captive-portal-auth-timeout
But it looks like this field doesn't exists on our Fortigate.
Environment:
Fortigate40F with FortiOs 7.2.2
Fortimanager 7.2.1 OS
FortiAP 231F 7.2.1 OS
Thank you!
Best Regards,
Istvan
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 10-18-2022 06:49 AM
Hello Istvan
I can refer you two useful articles related to different auth time outs, syntax might need to be changed on FMG according to syntax in the articles
Please let us know about the outcome, and if it does not work out this way
Regards !
Edvin
Hello,
Thank you, but unfortunatelly i didn't find the solution in these articles :(
I use the internal Disclaimer page on the FortiGate with no authentication. My goal is to drop the client after 2 hours, and after that the user have to Agree with the user terms again, if she/he would like to continue using our Guest network.
Other vendors call these feature like Client Session Timeout
Do you have any idea for that?
Thanks
Istvan
Hey Istvan,
the auth-portal-timeout is not for deauthenticating portal users, if I remember correctly, but how long FortiGate will wait to complete a captive-portal authentication (this can take a few minutes if external captive portals and/or user registration and/or activation links/codes are involved).
Try the following setting:
#config user setting
#set auth-timeout-type hard-timeout
#set auth-timeout 120
#end
This should enforce a hard-timeout after two hours.
Please note this will affect ALL users, not just captive portal users!
As an alternative, you can look into webfilter quotas:
https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/898834/web-filtering-using-quotas
This is an option available in proxy-mode (the vdom or webfilter profile needs to be in proxy mode); you could then set time-limits for specific or all webfilter categories to block users after they have reached the limit. The quota resets at midnight. You could set that on the policies handling captive portal traffic to ensure users going through these policies will get their access blocked after a certain amount of time.
As for enforcing a set time period before a user can connect again, I'm not sure this is possible; I've done a bit of research, but not found anything so far. There are some authentication blackout settings, but those only take effect after a user has failed authentication multiple times, which is not going to be the case with just a disclaimer.
Did you find a solution to this? I am currently looking for the same thing. I want to make it where the device can connect for 8 hours, then drops connection and has to reauthenticate and agree to terms. And mandatory agree to terms if they disconnect and then reconnect.
Hi,
Unfortunatelly I didn't find any solution for that.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.