FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article discusses the default SSL-VPN settings and the consequences of changing the configuration under SSL-VPN settings in a production environment.
By default, an SSL-VPN connection is logged out after 8 hours.
# config vpn ssl settings
    set auth-timeout 28800
The auth-timeout is the period of time, in seconds, that the SSL-VPN waits before re-authentication is enforced. The default value is 28800 seconds (8 hours). Range: <0> to <259200>.
A value of 0 indicates no timeout.
You may also adjust the idle-timeout, the period of time in seconds that the SSL-VPN waits before timing out a user who is not active.
# config vpn ssl settings
    set idle-timeout 300
Default value is 300 seconds (5 minutes). Range: <0> to <259200>.
The changes above, or changing tunnel/web mode, will not impact the environment.
However, be aware: once an SSL-VPN client is connected, a change to firewall address objects or IP pools under SSL-VPN settings in a production environment will tear down all active SSL-VPN connections, regardless of the timeouts above.
This is expected behavior, and the following log will be displayed.
[260:root:0][257:root:0]Config change causes all session to be closed in vdom 'root'
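The following is an added example, not part of the original article or Fortinet's code: a Python check that reads the two timeouts from a configuration backup and finds the teardown message above in SSL-VPN debug output. The sample config and function names are constructed; it assumes unset keys are absent from the backup and keep their defaults, and that 0 means "no timeout" for idle-timeout as well (the article states this for auth-timeout).

```python
import re

# Defaults and range as stated in the article (seconds).
DEFAULTS = {"auth-timeout": 28800, "idle-timeout": 300}
MAX_TIMEOUT = 259200

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
config vpn ssl settings
    set port 10443
    config authentication-rule
        edit 1
            set groups "vpn-users"
            set portal "full-access"
        next
    end
    set auth-timeout 0
end
"""
SAMPLE_DEBUG = """\
[260:root:0][257:root:0]Config change causes all session to be closed in vdom 'root'
"""

def effective_timeouts(config_text):
    """Timeouts from 'config vpn ssl settings'; unset keys keep defaults."""
    values, depth = dict(DEFAULTS), 0
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config vpn ssl settings" else 0
        elif line.startswith("config "):
            depth += 1  # nested table such as authentication-rule
        elif line == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1:  # only settings at the top level of the block
            m = re.fullmatch(r"set (auth-timeout|idle-timeout) (\d+)", line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values

def audit(config_text):
    """Flag timeouts that are disabled (0) or outside the documented range."""
    findings = []
    for key, value in effective_timeouts(config_text).items():
        if value == 0:
            findings.append(f"{key}: 0 (no timeout)")
        elif value > MAX_TIMEOUT:
            findings.append(f"{key}: {value} exceeds {MAX_TIMEOUT}")
    return findings

def teardown_vdoms(debug_text):
    """VDOMs whose SSL-VPN sessions were all closed by a config change."""
    pat = r"Config change causes all session to be closed in vdom '([^']+)'"
    return re.findall(pat, debug_text)
```
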