Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BensonLEI
Contributor

Created on ‎05-23-2023 09:46 PM

SSLVPN idle-timer not working

Hi, guys,

 

It has been frustrated about this configuration; the sslvpn idle-timer is still not working.

 

I configured all related parameters/attributes as the following weblink:

Technical Tip: SSL-VPN Idle-timeout not working

 

 

My network configuration as below:

1.  Fortigate 100E with FortiOS v7.2.4.

1.1. SSLVPN Client DNS same as Client

1.2. SSLVPN idle-timeout 300

2. FortiClient VPN v7.0.8.xxx

3. Windows 10 home

3.1. "SSDP Discovery" is disabled

3.2  "LLMNR" is disabled

 

 But the SSLPVN idle-timer is still working, any recommendation, many thanks ?

 

With regards

Benson

Labels:
4517
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser
In response to BensonLEI

Created on ‎05-24-2023 11:12 PM

Those are multicast traffic Windows/Mac or whatever the OS is and applications/drivers running on the OS are sending on network interfaces (239.255.255.250 is for Upnp(Universal Plug and Play)). So if you want to stop them, you have to do something on the client machine side. But you might not be able to.

I don't know if there is a way to exclude multicast packets at least from the counter's counting for "idle-timer". Wait for somebody else's comment who knows about it.

 

Toshi

View solution in original post

4371
0 Kudos
10 REPLIES 10
BensonLEI
Contributor
In response to Toshi_Esumi

Created on ‎05-24-2023 11:36 PM Edited on ‎05-25-2023 12:53 AM

Hi, Toshi,

Thanks so much for your prompt response and detailed explanation.

So the Fortigate sslvpn idle-timer starts to count down/trigger at the condition of absolutely no tunnel traffic. 

 

May I know if anything keeps monitoring the sslvpn tunnel alive ( or it is supposedly the tunnel works forever once it starts, until auth-timeout or manual logout, or extreme conditions - ).

 

I searched for some articles of similar devices, they also have the same issues:

1. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClxFCAS
2. https://community.spiceworks.com/topic/2268374-sonicwall-netextender-inactivity-timeout

3. ....

613
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.