Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CHR57
New Contributor III

Created on ‎01-24-2024 10:08 AM Edited on ‎01-24-2024 10:30 AM

Force session to end

We are looking into giving support staff the possibility to open for Internet access temporarily.

I think I can do that with a user in the policy/source and they trigger the policy in the browser, right?

 

But is it possible to force the session to end (turn off Internet access) after x min? If I conf session-ttl it want close Internet access if there is traffic on it, right?

 

Edit

Something like this?

https://community.fortinet.com/t5/Support-Forum/Enable-Security-Policy-Temporarily-for-Specific-Time...

CR
CR
Labels:
448
0 Kudos
7 REPLIES 7
AEK
SuperUser
SuperUser

Created on ‎01-24-2024 10:13 AM

What you need is to set schedule in your policy.

Here is the tech tip you need.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-schedule-policy-with-deny...

AEK
AEK
440
0 Kudos
CHR57
New Contributor III
In response to AEK

Created on ‎01-24-2024 10:16 AM

I was looking into that, but can you set a schedule as a timer, like close after 60 minutes?

CR
CR
437
0 Kudos
AEK
SuperUser
SuperUser
In response to CHR57

Created on ‎01-24-2024 10:39 AM

For sure. Just do it this way.

 

sched.png

AEK
AEK
429
0 Kudos
CHR57
New Contributor III
In response to AEK

Created on ‎01-24-2024 10:42 AM

Will it work any day after 01/24/2024?

Don't think so.

CR
CR
425
0 Kudos
AEK
SuperUser
SuperUser
In response to CHR57

Created on ‎01-24-2024 10:49 AM

You can set the "Type" of schedule "Recurring" or "One Time".

E.g.:

  • If you want is every day or every Monday at 10:00 you set it recurring
  • If you want it just once then set it "One Time"

 

AEK
AEK
417
0 Kudos
Bjay_Prakash_Ghising
Contributor
In response to CHR57

Created on ‎01-24-2024 12:50 PM

Hi @CHR57 

 

You can use the user setting for that criteria.

 

Change Auth timeout to Hard session. 

 

The user will disconnect after a specified time. 

# config user setting
    set authtimeout 60   
    set auth-timeout-type hard-timeout

 

User entry will be removed after the configured auth- timeout value. You need to authenticate to access the resource again.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-auth-timeout-types-for-Fire...

 

Note this is a global setting. So it will apply to all the users.

 

Hope that helps.

 

Kind Regards, 

Bijay Prakash Ghising

 

Ghising
Ghising
390
0 Kudos
Bjay_Prakash_Ghising
Contributor
In response to CHR57

Created on ‎01-24-2024 01:00 PM Edited on ‎01-24-2024 01:05 PM

You can also easily create multiple schedules and attach them to a group and later apply the "schedules group" to the firewall policy. If that fits your criteria. 

 

Please refer below article to do so.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-two-or-more-firewall-sche...

 

Nowadays you can easily configure it from GUI.

Group.png

 

 

 

Please let us know. If you have any queries left.

 

Kind Regards, 

Bijay Prakash Ghising

 

Ghising
Ghising
387
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.