Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jseeley
New Contributor

FortiClient Auth Timeout

Hello,

 

Our FortiClient SSL VPN users connect using a username and password with a push prompt for MFA using Cisco Duo. The FortiGate has a RADIUS connection to a server running Duo proxy. Everything works great until the auth timeout is reached. When the auth timeout is reached, users are prompted to accept the MFA/Duo push but they aren't asked to sign into the FortiClient again with their username and password. All the user has to do to stay connected is to accept the MFA push without having to re-enter their credentials. I want for the users to have to re-enter their credentials plus the MFA push, not just the MFA push.

 

Does anyone know why this is happening?

2 REPLIES 2
dbhavsar
Staff
Staff

Hello @jseeley ,

Please try increasing the remoteauthtimeout value to 120 and see if it works. That setting is under global. You can use following command:
config sys global
set remoteauthtimeout 120
end

test again if that helps.
Reference articles:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explaining-global-set-remoteauthtimeout-us...

 

 

DNB
hbac
Staff
Staff

Hi @jseeley,

 

What is the FortiClient version? Is it managed by FortiClient EMS? Do you have "Save Password" option enabled on FortiClient? https://docs.fortinet.com/document/forticlient/7.2.1/administration-guide/437773/save-password-auto-...

 

Regards, 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors