alexnenci
New Contributor

SSL VPN auth-timeout

I have a FortiGate 6.0.9 that we use for SSL VPNs. I have set vpn ssl settings with the default auth-timeout of 28800 seconds.

In the logs I see that there are a lot of sessions with a duration much longer than 28800 seconds, and I can see SSL VPN tunnel down with reason auth timeout after more than 45000 seconds.

Is this normal behaviour?

 

Thanks

FortiNitish
Staff

You can refer to the document below for the auth-timeout setting in FortiGate:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-auth-timeout-setting-for-SSL-VPN/ta-p/2205...

Toshi_Esumi
Esteemed Contributor III

To me it's impossible unless it's a bug. The auth-timer is a countdown timer starting with the setting. We set it longer than 8h and it's always lower than that because it's counting down. So it never goes beyond the initial value.

 

xxxxx-fg2 (corp) # get vpn ssl monitor
SSL-VPN Login Users:
Index User   Group    Auth Type Timeout Auth-Timeout From    HTTP in/out HTTPS in/out Two-factor Auth
0     xxxxxx a-user-g 2(1)      19882   19882        x.x.x.x 0/0         0/0          0
2     yyyyyy a-user-g 2(1)      28793   29736        y.y.y.y 0/0         0/0          0

<and a moment after>

0     xxxxxx a-user-g 2(1)      19837   19837        x.x.x.x 0/0         0/0          0
2     yyyyyy a-user-g 2(1)      28794   29691        y.y.y.y 0/0         0/0          0

Toshi
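
The countdown behaviour described in the reply above can be checked mechanically from two `get vpn ssl monitor` snapshots. This is an added example, not part of the original post and not Fortinet code; it assumes the 10-column row layout shown in the post, and the configured value passed to `check_auth_timers` is the caller's own setting (36000 below is a hypothetical value standing in for "longer than 8h").

```python
# Constructed input: the two snapshots quoted in the post, copied as text.
SNAP_1 = """\
0     xxxxxx a-user-g 2(1)       19882   19882   x.x.x.x   0/0   0/0   0
2     yyyyyy a-user-g 2(1)       28793   29736   y.y.y.y   0/0   0/0   0
"""
SNAP_2 = """\
0     xxxxxx a-user-g 2(1)       19837   19837   x.x.x.x   0/0   0/0   0
2     yyyyyy a-user-g 2(1)       28794   29691   y.y.y.y   0/0   0/0   0
"""


def parse_monitor(text):
    """Return {(index, user): (idle_timer, auth_timer)} from monitor rows."""
    sessions = {}
    for line in text.splitlines():
        f = line.split()
        # Data rows: 10 whitespace-separated fields starting with a numeric
        # index (assumed layout, taken from the snapshot in the post).
        if len(f) == 10 and f[0].isdigit():
            sessions[(f[0], f[1])] = (int(f[4]), int(f[5]))
    return sessions


def auth_deltas(before, after):
    """Seconds each session's auth timer dropped between the two snapshots."""
    return {k[1]: before[k][1] - after[k][1] for k in after if k in before}


def check_auth_timers(before, after, configured):
    """Flag sessions whose auth timer breaks the countdown expectation."""
    findings = []
    for key, (_, auth_after) in sorted(after.items()):
        if auth_after > configured:
            findings.append((key[1], "auth timer above configured auth-timeout"))
        if key in before and auth_after >= before[key][1]:
            findings.append((key[1], "auth timer did not count down"))
    return findings


if __name__ == "__main__":
    b, a = parse_monitor(SNAP_1), parse_monitor(SNAP_2)
    print(auth_deltas(b, a))               # auth timers only decrease
    print(check_auth_timers(b, a, 36000))  # hypothetical configured value
```

In these snapshots the idle `Timeout` column for the second user goes up between samples while `Auth-Timeout` keeps falling, which is the distinction between the two timers that the check relies on.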

smayank
Staff

Hello 

 

Idle Timeout: The idle-timeout is the period of time in seconds that the SSL VPN will wait before timing out.

Auth-Timeout: The auth-timeout is the period of time in seconds that the SSL VPN will wait before re-authentication is enforced.
So this issue is there in some old versions; from 7.0.8 it is fixed.

Thanks & Regards 
Mayank Sharma

mgoswami
Staff

Hi,

 

May I know if you have tested this from any other FortiClient version?

 

BR,

Manosh
