Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Contributor III

SSL WEB Timeout



given the current situation regarding COVID-19, we were forced to massively launch the SSL WEB portal for HTML5 RDP (until now we have only used FortiClient). How to solve the situation when the user closes browser and does not log out correctly - it is still seen on FGT as active even if is not connected anymore - see screenshot. Can I set a timeout only for SSL WEB? I would not like to set globally.

FGT200E, 6.0.9

Thank you.





config vpn ssl settings
    set servercert ""
    set idle-timeout 0
    set tunnel-ip-pools "SSL_Range"
    set dns-suffix xxxxxxxxx.local"
    set dns-server1
    set dns-server2
    set port 443
    set source-interface "wan1"
    set source-address "all"
    set source-address6 "all"
    set default-portal "None"
    config authentication-rule
        edit 1
            set groups "DomainAdmins-LDAP"
            set portal "Admin"
        edit 2
            set groups "xxxx_VPN"
            set portal "xxxxxVPN"
        edit 3
            set users "xxxx.Tel"
            set portal "Telxxxx"
        edit 4
            set groups "ORA_PGMS"
            set portal "Ora_Pgms"
        edit 5
            set groups "xxxx_RDP"
            set portal "xxxxxRDP"
        edit 6
            set groups "OUxxxx"
            set portal "OU-xxxxx"
        edit 7
            set groups "CADSxxxx"
            set portal "CADSxxxxx"


config vpn ssl web portal
    edit "xxxxxRDP"
        set tunnel-mode enable
        set ipv6-tunnel-mode disable
        set web-mode enable
        set host-check none
        set limit-user-logins disable
        set mac-addr-check disable
        set os-check disable
        set forticlient-download disable
        set ip-mode range
        set auto-connect disable
        set keep-alive disable
        set save-password disable
        set ip-pools "SSL_Range"
        set split-tunneling enable
        set split-tunneling-routing-address "xxxxxxxxx"
        set dns-server1
        set dns-server2
        set dns-suffix ''
        set wins-server1
        set wins-server2
        set display-bookmark enable
        set user-bookmark enable
--More-- set allow-user-access web ftp smb telnet ssh vnc rdp ping citrix portforward
        set user-group-bookmark enable
        config bookmark-group
            edit "gui-bookmarks"
        set display-connection-tools enable
        set display-history enable
        set display-status enable
        set heading "SSL-VPN Portal"
        set redir-url ''
        set theme blue
        set custom-lang ''
        set smb-ntlmv1-auth disable
        set smbv1 disable
        set hide-sso-credential enable


Honored Contributor

Perhaps set the idle-timeout value.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors