I have a fortigate 6.0.9 that we use for SSL VPNs, I have set vpn ssl settings with the default auth-timeout 28800 seconds
in the logs I see that there are a lot of sessions with duration much longer than 28800 seconds and I can see SSL VPN tunnel down with reason auth timeout after more than 45000 seconds
is this a normal behaviour?
Thanks
You can refer the below document for the auth timeout setting in fortigate
To me it's impossible unless it's a bug. The auth-timer is countdown timer starting with the setting. We set longer than 8h and it always lower than that because it's counting down. So never goes beyond the initial value.
xxxxx-fg2 (corp) # get vpn ssl monitor
SSL-VPN Login Users:
Index User Group Auth Type Timeout Auth-Timeout From HTTP in/out HTTPS in/out Two-factor Auth
0 xxxxxx a-user-g 2(1) 19882 19882 x.x.x.x 0/0 0/0 0
2 yyyyyy a-user-g 2(1) 28793 29736 y.y.y.y 0/0 0/0 0
<and a moment after>
0 xxxxxx a-user-g 2(1) 19837 19837 x.x.x.x 0/0 0/0 0
2 yyyyyy a-user-g 2(1) 28794 29691 y.y.y.y 0/0 0/0 0
Toshi
Hello
Idle Timeout: The idle-timeout is period of time in seconds that the SSL VPN will wait before timing out.
Auth-Timeout : The auth-timeout is period of time in seconds that the SSL VPN will wait before re-authentication is enforced.
So this issue is there in some ols versions, from 7.0.8 it is fixed.
Thanks & Regards
Mayank Sharma
Hi,
May I know if you have tested this from any other Forticlient version?
BR,
Manosh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.