Ravin_
New Contributor

Firewall authentication auth-timeout

I intend to configure FortiGate such that users are required to re-authenticate every 10 hours, regardless of whether user sessions are active or inactive. I have applied the following commands, but the session timer seems to refresh instead of decreasing. Could you advise if this configuration is correct?

 

config user setting
set auth-cert "Fortinet_Factory"
set auth-timeout 600
set auth-timeout-type hard-timeout
end


Remark: I suspect it is refreshing because of allow-idle.



5 REPLIES
dingjerry_FTNT

Hi @Ravin_ ,

 

Yes, it is correct.

 


 

Regards,

Jerry
Ravin_

Hi @dingjerry_FTNT , But when I run it again, the expire time gets refreshed instead of decreasing and becomes 36000 again.

dingjerry_FTNT

Hi @Ravin_ ,

 

Weird.  According to this KB:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-hard-timeout-for-authenticated-u...

 

It should be working. 

 

BTW, what is your FortiGate firmware version?

Regards,

Jerry
dingjerry_FTNT

Please try applying the authtimeout in the User Group:

 

config user group
edit "STAFF GROUP"
set authtimeout 600
end

Regards,

Jerry
pminarik
Staff

The change applies only to newly-created auth sessions.

Existing ones (created before the config change) will time out according to the rules as they were when the session was created.

 

Make sure you either test this on brand new logons, or simply wipe all pre-existing auth sessions to avoid confusion.

[ corrections always welcome ]
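The behaviour described in the last reply, as a small Python model added here for illustration (it is not FortiOS code and not from any poster in the thread). It contrasts a session created before the switch to hard-timeout with a brand new logon. The class and function names are hypothetical, and it assumes the pre-existing session was created under idle-timeout with the same 600-minute value.

```python
from dataclasses import dataclass

AUTH_TIMEOUT_S = 600 * 60  # "set auth-timeout 600" is in minutes -> 36000 s

@dataclass
class AuthSession:
    """Simplified model of one firewall auth session (hypothetical, not FortiOS)."""
    timeout_type: str   # rule captured when the session is created
    created_at: int     # logon time, seconds
    last_traffic: int   # time of the most recent packet, seconds

    def expire_in(self, now: int) -> int:
        # hard-timeout counts from logon; idle-timeout counts from last traffic
        hard = self.timeout_type == "hard-timeout"
        start = self.created_at if hard else self.last_traffic
        return max(0, AUTH_TIMEOUT_S - (now - start))

class Gateway:
    def __init__(self, timeout_type: str = "idle-timeout"):
        self.timeout_type = timeout_type
        self.sessions = {}

    def login(self, user: str, now: int) -> None:
        # A new session picks up whatever the config says at this moment.
        self.sessions[user] = AuthSession(self.timeout_type, now, now)

    def traffic(self, user: str, now: int) -> None:
        self.sessions[user].last_traffic = now

    def expire_in(self, user: str, now: int) -> int:
        return self.sessions[user].expire_in(now)

def scenario() -> dict:
    gw = Gateway("idle-timeout")
    gw.login("old_user", now=0)        # logged on before the config change
    gw.timeout_type = "hard-timeout"   # set auth-timeout-type hard-timeout
    gw.login("new_user", now=0)        # brand new logon after the change
    out = {}
    for t in (3600, 35990):            # both users keep sending traffic
        for user in ("old_user", "new_user"):
            gw.traffic(user, t)
            out[f"{user}@{t}"] = gw.expire_in(user, t)
    out["new_user@36000"] = gw.expire_in("new_user", 36000)
    gw.sessions.clear()                # wipe pre-existing auth sessions
    gw.login("old_user", now=36000)    # fresh logon, now under hard-timeout
    out["old_user_relogin@39600"] = gw.expire_in("old_user", 39600)
    return out

if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: expires in {value} s")
```

In the model, the old session keeps showing 36000 whenever it has traffic, while the new logon counts down to zero at the 10-hour mark regardless of activity.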