Hi
I give my users access to the internet based on their FSSO credentials from AD, but I think the login session disconnects after 15 min and the user should sign out and sign in again in order to access the internet. How can I solve this issue?
Hi Reza
I hope the following can help:
Show the config. Type
config user setting
then
show full configuration
config user setting
    set auth-type http https ftp telnet
    set auth-cert "Fortinet_Factory"
    set auth-ca-cert ''
    set auth-secure-http disable
    set auth-http-basic disable
    set auth-ssl-allow-renegotiation disable
    set auth-src-mac enable
    set auth-on-demand implicitly
    set auth-timeout 5
    set auth-timeout-type idle-timeout
    set auth-portal-timeout 3
    set radius-ses-timeout-act hard-timeout
    set auth-blackout-time 0
    set auth-invalid-max 5
    set auth-lockout-threshold 3
    set auth-lockout-duration 0
    set per-policy-disclaimer disable
    set auth-ssl-min-proto-version default
    unset auth-ssl-max-proto-version
    set auth-ssl-sigalgs all
    set default-user-password-policy ''
end
I see you have "auth-timeout 5", which forces the user to re-authenticate every 5 minutes. Is the disconnect really happening every 15 or in 5 minutes?
The setting you are mentioning is for firewall users, not FSSO users. I am using FSSO. How can I set the timeout for FSSO users?
If you use FSSO, this is for the AD or FSSO agent:
config user fsso
    edit "xxxx"
        set logon-timeout xx
    next
end
The default is 5 minutes, but according to Fortinet:
The logon-timeout option is used to manage how long authenticated FSSO users on the FortiGate will remain on the list of authenticated FSSO users when a network connection to the collector agent is lost.
In my network I use FSSO single sign-on with the collector agent (previously I used AD polling, but this is not stable and uses high resources on the firewall),
and if you continue to use the PC, there is no timeout.
Also, on fsso-polling the default timeout is 8 hours:
config user fsso-polling
    edit 1
        set logon-history <int> (0-48)
    next
end
Please check your config again.
Hi,
I set the logon-timeout to 120 min, but I am still disconnecting every 5 minutes.
Hi
First you have to know if the issue is on FG or on the FSSO agent.
To check that, see if the disconnected users are still visible on the FSSO agent.
Open the FSSO agent console and click the "show logon users" button, then see if the disconnected users are listed there or not. If they are not listed, then the issue is on the FSSO agent.
Hi
In "show logon users" I cannot see the logged-out user. What would be the problem?
Copyright 2024 Fortinet, Inc. All Rights Reserved.