FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
fpadron
Staff
Staff

Description

 

This article describes how to set the time before an idle SSH session times, thus forcing the administrator to retry the login to the unit.
In older FortiGate versions this was helpful to speed-up the timeout when a wrong username has been entered.
The prompt would not include the username, only the password, so that needed to re-establish the session, or wait for it to timeout.
The newer FortiOS versions prompt for the username as well in case of invalid credentials, but this timer is still useful to allow the users more time to input the credetials.


Solution

 

This controls the amount of inactive time before the administrator must authenticate to the FortiGate after connection is established.
The range can be between 10 and 3600 seconds.
 
Per documentation:
'Maximum time in seconds permitted between making an SSH connection to the FortiGate and authenticating (10 - 3600 sec (1 hour), default 120)'.

This is how to configure it:

# config system global
   set admin-ssh-grace-time <number_of_seconds> (default: 120s)
end