Hot!User group server timeout

Author
MPhull
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2021/02/17 01:53:32
  • Status: offline
2021/02/17 02:20:16 (permalink)
0

User group server timeout

Hi All,
 
This is my first post so hope im doing it the correct way.


I have a client VPN, client authentication is configured multiple servers(members) which are configured in the users groups.....im unable to find any info which shows how the timeout between the servers in the list.  ie if I have 3 servers listed as below, if server 1 is not reachable what is the timeout before users are authenticated to server 2?
 
Server1
Server2
Server3
 
Firewall: Fortinet1200D.
#1

3 Replies Related Threads

    ede_pfau
    Expert Member
    • Total Posts : 6466
    • Scores: 557
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: User group server timeout 2021/02/17 04:30:13 (permalink)
    5 (1)
    hi,
    and welcome to the forums.
    You didn't mention so I am assuming you talk about LDAP servers.
    The timeout settings are set in
    config system global
    , that is, in CLI.
    Have a look here: https://kb.fortinet.com/k....do?externalID=FD48351

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
    MPhull
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2021/02/17 01:53:32
    • Status: offline
    Re: User group server timeout 2021/02/17 04:58:17 (permalink)
    0
    That's great thank you.
    We have a radius server and ldap.

    config system global output shows - 'set remoteauthtimeout 30', but does not show 'set ldapconntimeout' i assume this is because we are using the default LDAP time of 500ms.
     
    so if no response from radius within 30s,  LDAP server will be used.
     
     
    Thanks again.
     
    #3
    ede_pfau
    Expert Member
    • Total Posts : 6466
    • Scores: 557
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: User group server timeout 2021/02/19 05:08:28 (permalink)
    0
    Two hints:
    - yes, this setting is there. You probably issued a "show", which only shows settings different from the default value. Use "show full" to see all options.
    Please note that the default LDAP timeout value is 500 milliseconds (the other setting is in seconds).
    - 30 sec timeout on RADIUS is quite a lot. I would expect a reply in at most 1-2 seconds.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #4
    Jump to:
    © 2021 APG vNext Commercial Version 5.5