Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Some users randomly de-authenticated
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Some users randomly de-authenticated
Hi,
We're using Fortigate 300D (FortiOS 5.4) and have a AD FSSO Collector Agent (with WMI). Authentication is working fine except for few users. For those users for a reason I ignore, authentication is lost randomly, and then they lose their internet access. In that time they are not listed in the "Show all FSSO Logons". They are not listed in the "Show Logon Users" on the FSSO Server.
I know that they are autheticated on our Windows Domain.
To be authenticated they have to logoff and logon on their PC but after a random amount of time they get de-authenticaed.
Can anyone help, please ?
Best regards.
Abmas
Labels:
- Labels:
-
5.4
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Abmas, basically turn Collector log to debug level and some 50MB size and check what happened when such user looses his access and is gone from FSSO user list on Collector. 1. It might appear that WMI received logoff and so Collector removed user from list. 2. It might appear that user used 'Run as' and logged somewhere under different account, or some (possibly background) service has started on his workstation under different account. Such events usually create logon event on DC, with workstation's source IP. Causing the current user being overwritten in FSSO user list as workstation is believed to be owned/used by single user at a time.
Still no clue/resolved ? Then open a ticket on customer support postal (https://support.fortinet.com). Best regards, Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this...
The setting "set auth-timeout" controls authentication timeout for Firewall authentication users. By default this value is set to 5 minutes.
# config user setting
# set auth-timeout
<timeout_integer> The auth-timeout range is 1 to 1440 minutes(24 hours).
# end
The "auth-timeout type" setting controls how the authentication entry is removed.
# config user setting
# set auth-timeout-type ?
idle-timeout Idle timeout.
hard-timeout Hard timeout.
new-session New session timeout.
By default, authentication timeout type is set to "idle-timeout".
Idle timeout: User entry will be removed if there is no traffic received for configured idle time (5 minutes by default).
Example
* User1 authenticated by identity based policy and granted to access resources.
* Now the User1 idle timer can be triggered if there is no traffic received from the user, this can happen in one of the following scenarios;
- User locked the computer
- User logged out of the computer.
- User PC disconnected from network.
- User PC shutdown or put to standby mode.
* If there is no traffic received from the user IP address for the configured auth-timeout (5 minutes by default), user authentication entry will be removed.
* If the user tries to access resources now, FortiGate will prompt the user to authenticate again.
Hard timeout: User entry will be removed after the configured auth- timeout value
Example
* User1 authenticated by identity based policy and granted to access resources.
* FortiGate will forcefully remove the user authentication entry after configured auth-timeout setting (5 minutes by default). This is done irrespective of traffic received or not from the user.
* Once the authentication entry is removed, user will be prompted to authenticate for further requests.
New-session timeout: User will be prompted to authenticate for new sessions after the configured auth-timeout timer.
Example
* User1 authenticated by identity based policy and generate a request to www.fortinet.com.
* User will start a download from www.fortinet.com and does not generate further requests.
* After 5 minutes (default auth-timeout), user tries to access www.google.com, now FortiGate will ask the user to authenticate again but the existing download to www.fortinet.com will not be terminated.
Configuration CLI
config user setting
set auth-timeout-type
idle-timeout Idle timeout.
hard-timeout Hard timeout.
new-session New session timeout.
thanks in advanced Rafael
thanks in advanced Rafael
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@raffau .. it was said that those are FSSO users, so auth session might timeout and iprope record might get removed but if everything is OK in FSSO then user should persist in 'diag debug auth fsso list' -or- 'diag firewall auth list | grep -f fsso' till the user:
- log off the workstation
- fail in workstation check and timeout on dead entry interval
- another user log into the same workstation and so fsso record get overwritten
This might help you a bit ..
Page 185 - FSSO issues
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Or collect data from troubleshooting plan attached and open a ticket on Fortinet support site via FortiCare, or push data through Fortinet Partner in case you do not have an account on FortiCare.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@thomas, for me this was the solution...
Rafael
thanks in advanced Rafael
thanks in advanced Rafael
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Some video games are randomly losing... 775 Views
- APIPA for some users 465 Views
- FortiAP DHCP-OFFER DHCP-DISCOVER Looped 787 Views
- RDP Sessions randomly dropping over IPSEC... 896 Views
- ZTNA error code 061 after upgrading... 918 Views
Labels
-
FortiGate
8,524 -
FortiClient
1,724 -
5.2
801 -
FortiManager
716 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
463 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
225 -
FortiWeb
201 -
5.0
196 -
IPsec
191 -
FortiNAC
181 -
FortiGuard
136 -
6.4
128 -
SD-WAN
112 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
85 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
74 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
54 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
48 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
41 -
DNS
41 -
BGP
40 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
34 -
Authentication
33 -
SSO
31 -
Interface
31 -
NAT
31 -
RADIUS
30 -
FortiConnect
28 -
FortiLink
27 -
FortiWAN
26 -
Web profile
26 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
FortiPAM
22 -
Virtual IP
22 -
SSL SSH inspection
21 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Intrusion prevention
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1665 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.