Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

RADIUS Time-Out

Hello, We have Forti 100a firewalls that we need to setup for RADIUS authentication. Everything is working except we need the firewall to allow 30-45 seconds for the PhoneFactor RADIUS to complete the call. When logging in remotely, the call comes from PhoneFactor almost immmediately. The problem is the firewall denies the login before we can answer the phone on the 1st ring and press the pound key. PhoneFactor support said we need 30-45 seconds to authenticate. I dont see anything on the RADIUS setup on the Forti. Is there another screen or something in the CLI that needs to be setup? Thanks in advance! Current firmware: v4.0,build0272,100331 (MR2)
3 REPLIES 3
Carl_Wallmark
Valued Contributor

Hi, and welcome, Take a look at this: remoteauthtimeout <timeout_sec> The number of seconds that the FortiGate unit waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. The range is 0 to 300 seconds, 0 means no timeout. To improve security keep the remote authentication timeout at the default value of 5 seconds. However, if a RADIUS request needs to traverse multiple hops or several RADIUS requests are made, the default timeout of 5 seconds may not be long enough to receive a response. -------------------------------------------------------------------------- In CLI: config system global set remoteauthtimeout 30 end

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Not applicable

Perfect!!!! Thanks so much for the solution!!!
Carl_Wallmark
Valued Contributor

Glad i could help

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C