User and user group timeouts
Authenticated user groups can have timeout values per group in addition to FortiGate-wide timeouts. Three types of group timeouts can be configured: idle, hard, and session. These are in addition to any external timeouts, such as those on RADIUS servers.
To configure the timeout type for authenticated users:

    config user setting
        set auth-timeout-type {idle-timeout | hard-timeout | new-session}
        set auth-timeout <integer>
    end

Timeouts are measured in minutes (1 - 1440, default = 5). If VDOMs are enabled, the global level auth-timeout user setting is the default all VDOMs inherit.

| Timeout type | Description |
|---|---|
| Idle | This is the default setting. The idle timer starts when a user initiates a session. As long as data is transferred in this session, the timer continually resets. If the data flow stops, the timer is allowed to advance until it reaches its limit. When the user has been idle for too long, the user must re-authenticate before traffic is allowed to continue in that session. |
| Hard | The hard timer starts when a user initiates a session. When the timeout is reached, all the sessions for that user must be re-authenticated. This timeout is not affected by any events. |
| Session | The session timer starts when a user initiates a session. When the timeout is reached, existing sessions may continue. New sessions are not allowed until the user re-authenticates. This timeout is not affected by any events. |

To configure the authentication timeout for a user group:

    config user group
        edit <name>
            set authtimeout <integer>
        next
    end

Timeouts are measured in minutes (0 - 43200). A value of zero (the default) means the global timeout is used.
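
The following added example (not Fortinet code) audits a configuration backup by resolving the effective authentication timeout for each user group from the two settings above, applying the documented defaults and ranges. The sample configuration is constructed, the function names are hypothetical, and the script assumes the backup uses the `config ... end` / `edit ... next` layout shown on this page and that the timeout type set under `config user setting` applies to every group.

```python
import re

# Constructed sample of a configuration backup (not taken from a real device).
SAMPLE_CONFIG = """\
config user setting
    set auth-timeout-type hard-timeout
    set auth-timeout 30
end
config user group
    edit "contractors"
        set authtimeout 15
    next
    edit "staff"
    next
    edit "kiosk"
        set authtimeout 50000
    next
end
"""

GLOBAL_RANGE = range(1, 1441)   # auth-timeout: 1 - 1440 minutes
GROUP_RANGE = range(0, 43201)   # authtimeout: 0 - 43200 minutes, 0 = use global

def section(config, name):
    """Return the body of a top-level 'config <name> ... end' block, or ''."""
    m = re.search(rf"^config {re.escape(name)}\n(.*?)^end$", config, re.S | re.M)
    return m.group(1) if m else ""

def effective_timeouts(config):
    """Map each user group to (timeout type, effective minutes, findings)."""
    setting = section(config, "user setting")
    t = re.search(r"set auth-timeout-type (\S+)", setting)
    g = re.search(r"set auth-timeout (\d+)", setting)
    timeout_type = t.group(1) if t else "idle-timeout"   # documented default
    global_min = int(g.group(1)) if g else 5             # documented default
    base = [] if global_min in GLOBAL_RANGE else ["global auth-timeout out of range"]
    groups = re.findall(r'^\s*edit "?([^"\n]+)"?\n(.*?)^\s*next$',
                        section(config, "user group"), re.S | re.M)
    result = {}
    for name, body in groups:
        m = re.search(r"set authtimeout (\d+)", body)
        group_min = int(m.group(1)) if m else 0          # documented default
        findings = list(base)
        if group_min not in GROUP_RANGE:
            findings.append("group authtimeout out of range")
        # A group value of 0 falls back to the global timeout.
        result[name] = (timeout_type, group_min or global_min, findings)
    return result
```
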
If a user belongs to multiple RADIUS groups, the group |