Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
safik_s
New Contributor

How to keep auto refresh when users authenticated with their smartphone?

Hi, I'm a newbie in Fortigate (and my English is quite poor, so hope you all can understand my writing). I use Fortigate 300D and 620B (I work at two places with two different series of Fortigate). I've been facing an authentication problem when users (from OpenLDAP) use their smartphone for internet login via Fortigate Login Page. They successfully connect to the system but not for a long period, then their smartphones will be logged out automatically, it's not auto refresh. Whereas no problem with Laptop and PC at all. It's quite serious for me with this problem. I would be very grateful if anyone could give me any idea to fix it. Thanks in advance.


7 Replies
Jeff_FTNT
Staff

It has options like CLI:

    config system global
        set auth-keepalive enable
    end

Thanks.

safik_s

Thanks Jeff_FTNT for your fast reply, I appreciate it. As you answered, I've already enabled that command and it works very well. But the problem is, when users connect to "Wireless Access Point" with their smartphones, the device's session is often disconnected automatically whereas "there is no problem with Laptop". So I'm looking for a solution that "keep auto refresh without disconnection by using smartphone and tablet". Any other ideas?

Jeff_FTNT

Do you increase "auth-timeout"?

CLI:

    config user setting
        set auth-timeout 1440
    end

 

safik_s

Oh! That sounds interesting, I've not tried it yet. By the way, I will do it but please give me some more ideas, if whatever you may recall. I will update you after I've done this configuration then see how response users will do. Thanks.

xsilver_FTNT

Hi safik.s,

 

as you mentioned laptops working OK when both devices on WiFi .. isn't the root cause in WiFi reconnects ?

Laptops have more powerful wifi modules than cell/tablet so they can keep connection better.

While cell/tablet can't and when it reconnects it might create new session or even gain new&different IP address. Which then will be seen by firewall as new user.

It also depends how are you logged in, FSSO/RSSO/CaptivePortal? Some authentication methods have their own authentication timeouts. Check respective timeouts and their mode, as some timeouts are idle based, some hard and logoff regardless of user activity.

 

You might also consider to open ticket on Fortinet Support, but then we would need a bit more details like topology, config + debug.log and deeper description of used or intended authentication at the beginning.

 

Best regards,

Tomas

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
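
The timeout checks suggested above, written out as a FortiOS CLI sketch (an added example, not posted by anyone in this thread). It shows the global 1440-minute setting from the earlier reply next to a narrower alternative that sets the timeout mode explicitly and raises the timeout only for one user group; the group name `wifi-mobile-users` and the value 480 are constructed for illustration, and the `#` lines are annotations rather than commands.

```fortios
# Global setting from the thread: every firewall-authenticated user
# stays logged in for up to 1440 minutes.
config user setting
    set auth-timeout 1440
end

# Narrower alternative (assumed values): keep a short global timeout,
# make the mode explicit, and extend only the group that needs it.
config user setting
    set auth-timeout 30
    # idle-timeout: counts from the last traffic seen from the user
    # hard-timeout: logs the user off after the period regardless of activity
    set auth-timeout-type idle-timeout
end

config user group
    # hypothetical group name for the smartphone/tablet users
    edit "wifi-mobile-users"
        # per-group timeout in minutes; 0 falls back to the global value
        set authtimeout 480
    next
end

# List current authenticated users with their source IP and remaining time,
# to see whether a reconnecting phone shows up under a new IP address.
diagnose firewall auth list
```

A long idle-based timeout means an address that a phone has released can stay authenticated for whoever receives it next, so the DHCP lease time on the wireless network is worth comparing against the value chosen here.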

safik_s

Hi, xsilver. Thank you very much for your reply. Now it's better than before because I assigned 1440 of auth-time which my users seldom logout even if this might not be a good method. As a newbie of Fortigate user, I will improve my skills and need all of you as my IT consultants. Thanks in advance ^_^

K00Ster

Thank you so much.

 

My Fortigate Auth refresh was on 10 000 seconds and I looked around for 2 weeks to bring this time down. I used the CLI you suggested, set it to 5, and that made the auth refresh time drop down to 100 seconds.

 

Why is 1= 20 Seconds ?
