FortiGate
nithincs
Staff
Article Id 193705
Description
There are many places in the configuration to set 'authtimeout'.

This article describes the available options and explains how the user 'authtimeout' is actually enforced.


Solution
The value that is actually applied is determined by the hierarchical rules outlined below.

'authtimeout' values are selected in the following order.

1) User.                                                            <----- Highest level.

2) User group.

3) User setting.

By default, the user and user group 'authtimeout' values are 0, so the user setting 'authtimeout' value takes precedence.

When 'authtimeout' is configured at more than one level, upper levels override lower levels.

SAMPLE CONFIGURATION.

1) If a specific timeout value is required for a user, set 'authtimeout' at the user level.
# config user local
    edit <username>
        set authtimeout xx                     <----- Integer value from <0> to <1440>.
    end
With this setting, the user's authentication times out after xx minutes, according to 'auth-timeout-type'.

2) If a specific timeout value is required for a user group, set 'authtimeout' at the user group level.
# config user group
    edit <user group name>
        set authtimeout xx                       <----- Integer value from <0> to <1440>.
    end
With this setting, authentication for users belonging to that user group times out after xx minutes, according to 'auth-timeout-type'.

3) If 'authtimeout' is not set at the user or user group level, the 'authtimeout' value in user setting is applied to all users.
# config user setting
    set authtimeout xx                               <----- Integer value from <0> to <1440>.
end
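
The precedence described above, as an added example (not Fortinet code): a small Python audit helper that reads a configuration backup and reports which level supplies each user's 'authtimeout'. The sample configuration is constructed, and reporting the longest value when a user belongs to several groups is an assumption, since the article does not cover that case.

```python
import shlex
# Constructed sample in FortiOS backup syntax (not taken from a real device).
SAMPLE = """
config user setting
    set authtimeout 30
end
config user local
    edit "alice"
        set authtimeout 10
    next
    edit "bob"
    next
end
config user group
    edit "contractors"
        set member "bob" "alice"
        set authtimeout 60
    next
end
"""

def parse(text):
    """Map (section, entry) -> {key: [values]}; nested config blocks are not handled."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "edit":
            entry = tok[1]
        elif tok[0] == "set":
            cfg.setdefault((section, entry), {})[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return cfg

def effective_authtimeout(cfg, user):
    """Return (minutes, level) using the order user > user group > user setting."""
    def minutes(key):
        return int(cfg.get(key, {}).get("authtimeout", ["0"])[0])
    own = minutes(("user local", user))
    if own:
        return own, "user"
    # Assumption: in several groups, report the longest value (worst case for an audit).
    groups = [minutes(k) for k, v in cfg.items()
              if k[0] == "user group" and user in v.get("member", [])]
    if any(groups):
        return max(groups), "user group"
    glob = cfg.get(("user setting", None), {}).get("authtimeout")
    return (int(glob[0]) if glob else None), "user setting"
```

A result of None at the 'user setting' level means the backup carries no 'authtimeout' line in that section.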

