Jirka1
Contributor III

SSL WEB Timeout

Hi,

 

given the current situation regarding COVID-19, we were forced to roll out the SSL WEB portal for HTML5 RDP on a large scale (until now we have only used FortiClient). How can we handle the case where a user closes the browser without logging out properly? The session is still shown as active on the FGT even though the user is no longer connected - see screenshot. Can I set a timeout only for SSL WEB? I would not like to set it globally.

FGT200E, 6.0.9

Thank you.

 

Jirka

 

 

# Global SSL-VPN settings as posted; several identifiers were redacted by the poster with x's.
config vpn ssl settings
    set servercert "_xxxxxxxxx.cz"
    # idle-timeout 0 switches the idle timeout off, so a session is never dropped for
    # inactivity. This matches the symptom in the post: a browser closed without logout
    # stays listed as an active session.
    set idle-timeout 0
    set tunnel-ip-pools "SSL_Range"
    # NOTE(review): the quoting is unbalanced here (closing quote only); presumably a slip
    # made while redacting the paste, not the value on the device.
    set dns-suffix xxxxxxxxx.local"
    set dns-server1 172.22.91.100
    set dns-server2 172.22.91.101
    # The portal listens on wan1 port 443 and accepts logins from any IPv4 and IPv6
    # source address.
    set port 443
    set source-interface "wan1"
    set source-address "all"
    set source-address6 "all"
    # NOTE(review): default-portal points at a portal named "None"; what a user who matches
    # no rule below gets depends on that portal's definition, which is not shown.
    set default-portal "None"
    # Each rule maps a user group (or, in rule 3, a single user) to a web portal.
    config authentication-rule
        edit 1
            set groups "DomainAdmins-LDAP"
            set portal "Admin"
        next
        edit 2
            set groups "xxxx_VPN"
            set portal "xxxxxVPN"
        next
        edit 3
            set users "xxxx.Tel"
            set portal "Telxxxx"
        next
        edit 4
            set groups "ORA_PGMS"
            set portal "Ora_Pgms"
        next
        edit 5
            set groups "xxxx_RDP"
            set portal "xxxxxRDP"
        next
        edit 6
            set groups "OUxxxx"
            set portal "OU-xxxxx"
        next
        edit 7
            set groups "CADSxxxx"
            set portal "CADSxxxxx"
        next
       end
end

 

# Definition of the one portal the poster included. No timeout-related option appears in
# this block as posted.
config vpn ssl web portal
    edit "xxxxxRDP"
        # Tunnel mode and web mode are both enabled on this portal.
        set tunnel-mode enable
        set ipv6-tunnel-mode disable
        set web-mode enable
        # No client posture checks are applied: host check, MAC address check and OS check
        # are all off.
        set host-check none
        # limit-user-logins disable: a user is not restricted to one session at a time, so a
        # stale session and a fresh login can coexist.
        set limit-user-logins disable
        set mac-addr-check disable
        set os-check disable
        set forticlient-download disable
        set ip-mode range
        set auto-connect disable
        set keep-alive disable
        set save-password disable
        set ip-pools "SSL_Range"
        set split-tunneling enable
        set split-tunneling-routing-address "xxxxxxxxx"
        set dns-server1 0.0.0.0
        set dns-server2 0.0.0.0
        set dns-suffix ''
        set wins-server1 0.0.0.0
        set wins-server2 0.0.0.0
        set display-bookmark enable
        set user-bookmark enable
        # "--More--" on the next line is CLI pager residue from the paste, not part of the
        # command. The list allows many access types besides rdp.
        # NOTE(review): if this portal is meant only for HTML5 RDP, confirm whether the
        # other access types are needed.
--More-- set allow-user-access web ftp smb telnet ssh vnc rdp ping citrix portforward
        set user-group-bookmark enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
        set display-connection-tools enable
        set display-history enable
        set display-status enable
        set heading "SSL-VPN Portal"
        set redir-url ''
        set theme blue
        set custom-lang ''
        # Legacy SMB options (NTLMv1 authentication, SMBv1) are disabled.
        set smb-ntlmv1-auth disable
        set smbv1 disable
        set hide-sso-credential enable
    next
end

 

1 REPLY 1
Dave_Hall
Honored Contributor

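Perhaps set the idle-timeout value. The posted `config vpn ssl settings` shows `set idle-timeout 0`, which disables the idle timeout, so a session whose browser was closed without logging out is never dropped for inactivity. Note that this option sits under `config vpn ssl settings`, so in the configuration shown it is not a per-portal setting.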

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
