Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SecurityPlus
Contributor II

SSL VPN Timeout

Office staff are reporting that the SSL VPN sessions all timeout after approximately 8hrs. How can I either lengthen that time or disable the timeout? They would like to set this to stay connected for 3 days (36 hrs) though we will ask users to log out at the end of their workday. They sometimes work over 8 hrs. a day.

 

Running FortiOS 6.0.9 on a FortiGate 60E.

 

I went into the CLI and entered the following commands:

config vpn ssl settings

set auth-timeout 259200

 

It appears that this should set the timeout in seconds giving them 36 hrs. before disconnection. They still get disconnected after 8 hrs. Also, when I search the configuration backup for "set auth-timeout" or for "259200" I can't find the setting that I thought that I added. Am I doing something wrong?

 

 

6 REPLIES 6
SEI
New Contributor II

Hello 

 

I have set these 2 Parameters to solve the problem:

 

set idle-timeout {integer}   SSL VPN disconnects if idle for specified time in seconds. range[0-259200]

set auth-timeout {integer}   SSL-VPN authentication timeout (1 - 259200 sec (3 days), 0 for no timeout). range[0-259200]

 

Sini

ShawnZA
Contributor II

Its the set auth-timeout setting, the default is on 8 hours.(28800 seconds)

SecurityPlus

Thanks everyone!

 

I think that I see what I was doing wrong.

 

After entering:

config vpn ssl settings set auth-timeout 259200

 

I did not type "end". I simply closed the CLI interface.

I presume that not typing end caused it not to save the setting.

suthomas1

Correct, "end" needs to be typed for saving the config.

Suthomas
Roy_CHFR
New Contributor

It  looks like you used the correct commands.  They appear to be exactly as I did them. 1 : config vpn ssl settings     ( Update/show/change SSL settings) 2 : set auth-timeout 42200      (We set ours to around 12 hours )

3 : show      (Just to be sure that the param was taken into account)

 

4: End      (Save the config) Nothing else necessary for us.  Do a Show Config and verify that the param was indeed saved. After that the next SSL connection will timeout after the period you want.

mlynch1958

Can this be done in the GUI? Where?