Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nmarche1
New Contributor II

Created on ‎05-10-2023 01:22 AM

MFA Timeout settings for third party authenticator

Hello everyone, 

We have started enrolling into PING ID authentication in my company and we are having trouble setting up the MFA wait time on the Fortigate VPN (The time it sits on 45%). 

Is there any way to set the time for third party authenticators on the fortigate CLI (or GUI but i was not able to find those settings anywhere on the GUI) or are those settings on the RADIUS side of the authentication. Currently i was able to somehow set the time from 5 to about 40 seconds even though every parameter i put into the CLI was 60+ seconds.

Thanks in advance for any help.

Nikola Marceta
Nikola Marceta
Labels:
2890
0 Kudos
1 Solution
aahmadzada
Staff
Staff

Created on ‎05-15-2023 12:25 AM

Maybe you have vdoms?

 

In that case yo should run these commands under a certain vdom.

 

Ahmad

Ahmad

View solution in original post

2837
0 Kudos
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎05-10-2023 01:40 AM

Hello

I think you are looking for this one:

config user radius
    edit radius1
        set timeout X  (default is 5)

Or:

config system global
    set remoteauthtimeout 5

 

AEK
AEK
2887
0 Kudos
nmarche1
New Contributor II
In response to AEK

Created on ‎05-10-2023 01:56 AM

I have tried both of these, unfortunately they do not work.
No matter what value i put in the timeout time is at around 40 seconds but i do not have the 40 seconds in any parameter on my fortigate. 

 

Nikola Marceta
Nikola Marceta
2879
0 Kudos
aahmadzada
Staff
Staff

Created on ‎05-10-2023 02:12 AM

Well, in such a case I would recommend running debugs on the FGT and pcap of the radius traffic just to see, if the Fortigate is the one, that is doing something wrong after 40 seconds.

Connect to Fortigate via putty(enabled session logging) and run these commands on
 
#diag deb reset
#diag debug console timestamp en
#diagnose debug application fnbamd -1
#diag debug enable

Parallelly run the Pcket capture between Fortigate and the Radius server via webgui
 
Now reproduce the issue.
Once reproduced, check the debug outputs to see, if the Fortigate is destroying the authentication session before the configured remoteauthtimeout value

Also, check the packet capture outputs, you might see something interesting as well.
 
Ahmad

Ahmad
2874
0 Kudos
nmarche1
New Contributor II
In response to aahmadzada

Created on ‎05-10-2023 04:37 AM

Maybe i am doing something wrong, 

I can get into my fortigate with SSH without problems but these commands are not working for me...

Anything i should enable for it to work?

 

Nikola Marceta
Nikola Marceta
2862
0 Kudos
AEK
SuperUser
SuperUser
In response to nmarche1

Created on ‎05-15-2023 03:06 AM

Either you are on the wrong VDOM or you logged-in with a low privileged user.

Also make sure you configured the radius' timeout params via CLI in the right VDOM.

AEK
AEK
2826
0 Kudos
aahmadzada
Staff
Staff

Created on ‎05-15-2023 12:25 AM

Maybe you have vdoms?

 

In that case yo should run these commands under a certain vdom.

 

Ahmad

Ahmad
2838
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.