Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aguerriero
Contributor II

Created on ‎10-18-2023 02:55 PM

ZTNA Forticlient authentication popup just counts down to zero.

8ac04bb8-80db-41ed-8682-ebf6f492faa9.PNG

Does anyone ever get a popup that just counts down and to nothing and you cannot connect to any ztna destinations. I normally get the popup once, do my SAML authentication, along with MFA against the fortiauthenticator. Then everything works and I am good. Occasionally i get this timer that just counts down until 0.

446
0 Kudos
2 REPLIES 2
aguerriero
Contributor II

Created on ‎10-18-2023 04:17 PM

This time I had to actually reboot the primary fortigate in the ha pair. once the secondary took over everything worked again.

425
0 Kudos
aguerriero
Contributor II

Created on ‎10-20-2023 02:58 PM

Fortigate 1500D 7.2.5
ems 7.2.1
forticlient 7.2.1

I think it has something to do with user group timeouts and something with wad users. "diag wad user list" shows that it doesn't expire but I have the saml authentication timeout set at 960 in both the fortiauthenticator and in the user group settings on the fortigate for my SAML group.

I got into the fortigate and did a "diag wad user clear ID IP VDOM" and then was immediately able to connect again. How do I set the user sessions to expire either on idle or the user closes their last ZTNA session? 

Capturefdafdafdafdasdfafa.PNG

396
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.