Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aguerriero
Contributor II

Created on ‎10-18-2023 02:55 PM

ZTNA Forticlient authentication popup just counts down to zero.

8ac04bb8-80db-41ed-8682-ebf6f492faa9.PNG

Does anyone ever get a popup that just counts down and to nothing and you cannot connect to any ztna destinations. I normally get the popup once, do my SAML authentication, along with MFA against the fortiauthenticator. Then everything works and I am good. Occasionally i get this timer that just counts down until 0.

1163
0 Kudos
5 REPLIES 5
aguerriero
Contributor II

Created on ‎10-18-2023 04:17 PM

This time I had to actually reboot the primary fortigate in the ha pair. once the secondary took over everything worked again.

1142
0 Kudos
aguerriero
Contributor II

Created on ‎10-20-2023 02:58 PM

Fortigate 1500D 7.2.5
ems 7.2.1
forticlient 7.2.1

I think it has something to do with user group timeouts and something with wad users. "diag wad user list" shows that it doesn't expire but I have the saml authentication timeout set at 960 in both the fortiauthenticator and in the user group settings on the fortigate for my SAML group.

I got into the fortigate and did a "diag wad user clear ID IP VDOM" and then was immediately able to connect again. How do I set the user sessions to expire either on idle or the user closes their last ZTNA session? 

Capturefdafdafdafdasdfafa.PNG

1113
0 Kudos
tino_p
Staff
Staff
In response to aguerriero

Created on ‎06-13-2024 07:40 PM

can you try this article and see if any improvement? https://community.fortinet.com/t5/FortiGate/Technical-Tip-Proxy-users-lifetime-control/ta-p/192401

Tino
613
0 Kudos
aguerriero
Contributor II
In response to aguerriero

Created on ‎08-02-2024 12:22 PM

This problem is back again.

We had since updated to 7.2.8 and Forticlient version 7.2.3.0929. Everything was working great for a couple months and we are getting these stuck sessions that need to be manually cleard to connect again. Is there someway to let these sessions timeout or be overridden so the session can establish again?

381
0 Kudos
lorenma
New Contributor

Created on ‎06-13-2024 10:43 PM

Do you see your traffic in the ztna logs ? Not forward traffic but ztna traffic? Your traffic if its being correctly proxyied it should appear in the ztna logs. Does the internet facing interface has a public ip or private? If private then add a secondary ip with the public ip 111.112.113.114 ? If it already has a public ip try TCP forwarding instead of HTTPS access proxy see if it works as it will do the same thing at the end

VidMate
VidMate
604
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.