Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jirka1
Contributor III

Created on ‎03-18-2020 12:31 PM

SSL WEB Timeout

Hi,

 

given the current situation regarding COVID-19, we were forced to massively launch the SSL WEB portal for HTML5 RDP (until now we have only used FortiClient). How to solve the situation when the user closes browser and does not log out correctly - it is still seen on FGT as active even if is not connected anymore - see screenshot. Can I set a timeout only for SSL WEB? I would not like to set globally.

FGT200E, 6.0.9

Thank you.

 

Jirka

 

 

config vpn ssl settings
    set servercert "_xxxxxxxxx.cz"
    set idle-timeout 0
    set tunnel-ip-pools "SSL_Range"
    set dns-suffix xxxxxxxxx.local"
    set dns-server1 172.22.91.100
    set dns-server2 172.22.91.101
    set port 443
    set source-interface "wan1"
    set source-address "all"
    set source-address6 "all"
    set default-portal "None"
    config authentication-rule
        edit 1
            set groups "DomainAdmins-LDAP"
            set portal "Admin"
        next
        edit 2
            set groups "xxxx_VPN"
            set portal "xxxxxVPN"
        next
        edit 3
            set users "xxxx.Tel"
            set portal "Telxxxx"
        next
        edit 4
            set groups "ORA_PGMS"
            set portal "Ora_Pgms"
        next
        edit 5
            set groups "xxxx_RDP"
            set portal "xxxxxRDP"
        next
        edit 6
            set groups "OUxxxx"
            set portal "OU-xxxxx"
        next
        edit 7
            set groups "CADSxxxx"
            set portal "CADSxxxxx"
        next
       end
end

 

config vpn ssl web portal
    edit "xxxxxRDP"
        set tunnel-mode enable
        set ipv6-tunnel-mode disable
        set web-mode enable
        set host-check none
        set limit-user-logins disable
        set mac-addr-check disable
        set os-check disable
        set forticlient-download disable
        set ip-mode range
        set auto-connect disable
        set keep-alive disable
        set save-password disable
        set ip-pools "SSL_Range"
        set split-tunneling enable
        set split-tunneling-routing-address "xxxxxxxxx"
        set dns-server1 0.0.0.0
        set dns-server2 0.0.0.0
        set dns-suffix ''
        set wins-server1 0.0.0.0
        set wins-server2 0.0.0.0
        set display-bookmark enable
        set user-bookmark enable
--More-- set allow-user-access web ftp smb telnet ssh vnc rdp ping citrix portforward
        set user-group-bookmark enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
        set display-connection-tools enable
        set display-history enable
        set display-status enable
        set heading "SSL-VPN Portal"
        set redir-url ''
        set theme blue
        set custom-lang ''
        set smb-ntlmv1-auth disable
        set smbv1 disable
        set hide-sso-credential enable
    next
end

 

Preview file
26 KB
3261
0 Kudos
1 REPLY 1
Dave_Hall
Honored Contributor

Created on ‎03-18-2020 08:05 PM

Perhaps set the idle-timeout value.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
32 KB
2296
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.