Captive Portal Session timeout & Renewal Frequency
I have the following situation: I configured a guest SSID with Disclaimer Only authentication. I would like to configure the session timeout to 3 hour, and the renewal frequency to 1 hour (after the session time out, the user can not authenticate to the ssid until 1 hour). Is it possible to configure that? I tried to configure this field from FortiManager: captive-portal-auth-timeout
But it looks like this field doesn't exists on our Fortigate.
Thank you, but unfortunatelly i didn't find the solution in these articles :(
I use the internal Disclaimer page on the FortiGate with no authentication. My goal is to drop the client after 2 hours, and after that the user have to Agree with the user terms again, if she/he would like to continue using our Guest network.
Other vendors call these feature like Client Session Timeout
the auth-portal-timeout is not for deauthenticating portal users, if I remember correctly, but how long FortiGate will wait to complete a captive-portal authentication (this can take a few minutes if external captive portals and/or user registration and/or activation links/codes are involved).
Try the following setting: #config user setting #set auth-timeout-type hard-timeout #set auth-timeout 120
This should enforce a hard-timeout after two hours.
Please note this will affect ALL users, not just captive portal users!
As an alternative, you can look into webfilter quotas:
https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/898834/web-filtering-using-quotas This is an option available in proxy-mode (the vdom or webfilter profile needs to be in proxy mode); you could then set time-limits for specific or all webfilter categories to block users after they have reached the limit. The quota resets at midnight. You could set that on the policies handling captive portal traffic to ensure users going through these policies will get their access blocked after a certain amount of time.
As for enforcing a set time period before a user can connect again, I'm not sure this is possible; I've done a bit of research, but not found anything so far. There are some authentication blackout settings, but those only take effect after a user has failed authentication multiple times, which is not going to be the case with just a disclaimer.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Did you find a solution to this? I am currently looking for the same thing. I want to make it where the device can connect for 8 hours, then drops connection and has to reauthenticate and agree to terms. And mandatory agree to terms if they disconnect and then reconnect.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.