FortiClient Auth Timeout

jseeley · ‎08-03-2021

Hello,

Our FortiClient SSL VPN users connect using a username and password with a push prompt for MFA using Cisco Duo. The FortiGate has a RADIUS connection to a server running Duo proxy. Everything works great until the auth timeout is reached. When the auth timeout is reached, users are prompted to accept the MFA/Duo push but they aren't asked to sign into the FortiClient again with their username and password. All the user has to do to stay connected is to accept the MFA push without having to re-enter their credentials. I want for the users to have to re-enter their credentials plus the MFA push, not just the MFA push.

Does anyone know why this is happening?

dbhavsar · ‎09-20-2023

Hello @jseeley ,

Please try increasing the remoteauthtimeout value to 120 and see if it works. That setting is under global. You can use following command:
config sys global
set remoteauthtimeout 120
end

test again if that helps.
Reference articles:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-and-two-factor-expiry-timers...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explaining-global-set-remoteauthtimeout-us...

DNB

hbac · ‎09-21-2023

Hi @jseeley,

What is the FortiClient version? Is it managed by FortiClient EMS? Do you have "Save Password" option enabled on FortiClient? https://docs.fortinet.com/document/forticlient/7.2.1/administration-guide/437773/save-password-auto-...

Regards,

FortiClient Auth Timeout

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website