- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FSSO users disconnects frequently
Hi
I give my users access to internet based on their FSSO credentials from AD but i think login session disconnects after 15 min and the user should sign out and sign in again in order to access the internet. how can I solve this issue?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Reza
I hope the following can help:
- Make sure you configured all FSSO prerequisites (check this link)
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricting-a-Fortinet-Single-Sign-On-Agen... - Make sure your agent version supports your Windows/AD version
- Check if you still see these disconnected users on the agent GUI
- Check agent logs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
show the the config
type
config user setting
then
show full configuration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
config user setting
set auth-type http https ftp telnet
set auth-cert "Fortinet_Factory"
set auth-ca-cert ''
set auth-secure-http disable
set auth-http-basic disable
set auth-ssl-allow-renegotiation disable
set auth-src-mac enable
set auth-on-demand implicitly
set auth-timeout 5
set auth-timeout-type idle-timeout
set auth-portal-timeout 3
set radius-ses-timeout-act hard-timeout
set auth-blackout-time 0
set auth-invalid-max 5
set auth-lockout-threshold 3
set auth-lockout-duration 0
set per-policy-disclaimer disable
set auth-ssl-min-proto-version default
unset auth-ssl-max-proto-version
set auth-ssl-sigalgs all
set default-user-password-policy ''
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I see you have "auth-timeout 5" which forces user to re authenticate every 5 minutes. Is the disconnect really happening every 15 or in 5 minutes ?
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The setting you are mentioning is for firewall users not fsso users. I am using fsso. How can i set time out for fsso users?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you use fsso this is for ad or fsso agent
config user fsso edit "xxxx" set logon-timeout xx next
default is 5 minutes, but arccoding to fortinet
The logon-timeout option is used to manage how long authenticated FSSO users on the FortiGate will remain on the list of authenticated FSSO users when a network connection to the collector agent is lost.
in my network i use fsso single signon with collector agent (previous i use Ad polling but this is not stable and use high resource on firewall)
and if you continue to use the pc , no timeout
also on fsso-polling the default timeout is 8 hour
config user fsso-polling
edit 1
set logon-history <int> (0-48)
next
end
Pls check again your config
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
i set the logon-timeout to 120 min but still i am disconnecting every 5 minutes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
First you have to know if the issue is on FG or on the FSSO agent.
To check that, see if the disconnected users are still visible on the FSSO agent.
Open FSSO agent console and click the "show logon users" button, then see if the disconnected users are listed there or not. If they are not listed then the issue is on FSSO agent.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
In show logon users i can not see logged out user. What would be the problem?