Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
scerazy
New Contributor III

Created on ‎06-20-2012 01:26 AM

User logout URL ?

I have authentication set to 40 min My Staff/Students mix machines, so it happens often that staff will be using workstation that is still logged to firewall (firewall authentication on Macs) as student (hence having student restrictions applied) Is there a URL that allows user to logout off the firewall? Of course I can do it from ADMIN web GUI, but that is not the point I need self-service for a user to be able to log off him/her self Seb
14014
0 Kudos
4 REPLIES 4
Faheem
New Contributor

Created on ‎06-20-2012 03:08 AM

I' m not getting you so i cant say anything ..... Write it in a way that is easy to understand. CLI or GUI ? Staff / Student admin profiles ?
2131
0 Kudos
billp
Contributor

Created on ‎06-20-2012 09:33 AM

Is there a URL that allows user to logout of the firewall?
Short answer: no. I am assuming you are using the web-based login window for your Macs. Longer answer: You can fudge things by using 
config global auth-keepalive enable
This will create an additional browser window when you login that will keep the connection alive as long as the browser is up. On that page, there is a button that can forcibly end the authentication session. I played with it early on but decided it was not worth the trouble for my particular setup. Instead, I opted for shorter timeouts with the assumption that most stations would be idle for at least 5-10 minutes before another user tried using one. If you wanted to try to hack something, it might be possible to create a script that could be uploaded to the firewall to periodically kill the connections on a set of machines with known IPs. Some of the other admins here might be able to comment on that approach.

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
2131
0 Kudos
scerazy
New Contributor III

Created on ‎09-12-2012 03:26 AM

Strange that nobody else chipped in... Yes, I implemented config global auth-keepalive enable which would be perfect if the window did not have to stay open I might consider shorter timeouts Seb
2131
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎09-12-2012 07:04 AM

Maybe have a look at 
 config user setting
    set auth-timeout <minutes>
    set auth-timeout-type {idle-timeout|hard-timeout|new-session}
These were introduced in 4.3.6, see RN or " What' s New in MR3 patch 6" .
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
2131
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.