Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lucadd
New Contributor

SSL Portal - Time to type FortiToken too short

Hello, we use a ssl portal with a FortiToken provisioned by a FortiAuthenticator (as a Radius server in the FG). During the login form, just appear the request of the token, it disappear after few seconds and the user see an Error: Permission denied. The same system is used for login to administration mgmnt of the firewall and in this case working fine, the token request form it's show for some minutes.

 

The problem happen only in this device (FG 100D, 6.2 firmware).

 

I have checked some timeout settings but there are in default time..as for other units.

 

During the diagnose debug, when appear the form to put the token, the log will blocked in fam_auth_send_req:583 with server blacklist:.

 

After few second the fill disappear and in the log see: fam_auth_send_req_internal:461 fnbam_auth return: 4

and the user see "Error: Permission denied."

diagnose debug application sslvpn -1
diagnose debug enable

2 REPLIES 2
Philippe_Gagne
Contributor

Hello,

 

I got the same issue with Microsoft MFA with SSLVPN Login. I had to change the "remoteauthtimeout" value

 

config system global

set remoteauthtimeout 30

end

 

30 seconds is the value recommended by Microsoft, but for FortiToken, may 10 to 15 seconds should be enough.

 

Regards,

 

Philippe

 

lucadd

Hello Philippe, very good!

Now work. I have configured 20 sec in test and could be fine also in production.

 

Have a nice day.

Thx,

Labels
Top Kudoed Authors