Does anyone ever get a popup that just counts down and to nothing and you cannot connect to any ztna destinations. I normally get the popup once, do my SAML authentication, along with MFA against the fortiauthenticator. Then everything works and I am good. Occasionally i get this timer that just counts down until 0.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
This time I had to actually reboot the primary fortigate in the ha pair. once the secondary took over everything worked again.
Fortigate 1500D 7.2.5
ems 7.2.1
forticlient 7.2.1
I think it has something to do with user group timeouts and something with wad users. "diag wad user list" shows that it doesn't expire but I have the saml authentication timeout set at 960 in both the fortiauthenticator and in the user group settings on the fortigate for my SAML group.
I got into the fortigate and did a "diag wad user clear ID IP VDOM" and then was immediately able to connect again. How do I set the user sessions to expire either on idle or the user closes their last ZTNA session?
can you try this article and see if any improvement? https://community.fortinet.com/t5/FortiGate/Technical-Tip-Proxy-users-lifetime-control/ta-p/192401
This problem is back again.
We had since updated to 7.2.8 and Forticlient version 7.2.3.0929. Everything was working great for a couple months and we are getting these stuck sessions that need to be manually cleard to connect again. Is there someway to let these sessions timeout or be overridden so the session can establish again?
Do you see your traffic in the ztna logs ? Not forward traffic but ztna traffic? Your traffic if its being correctly proxyied it should appear in the ztna logs. Does the internet facing interface has a public ip or private? If private then add a secondary ip with the public ip 111.112.113.114 ? If it already has a public ip try TCP forwarding instead of HTTPS access proxy see if it works as it will do the same thing at the end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.