Created on 12-23-2020 05:28 AM Edited on 09-21-2023 09:52 PM By Jean-Philippe_P
Description
This article describes how to control the lifetime of authenticated proxy users using the options below.
Solution
'proxy-auth-lifetime' is a cap on the total time a proxy user can remain authenticated, after which re-authentication takes place.
It is disabled by default.
Once enabled, set the lifetime timeout in minutes for authenticated users with 'proxy-auth-lifetime-timeout'.
The range is 5-65535. The default is 480 (8 hours).
The timeout option is only available when proxy-auth-lifetime is set to enable.
The 'proxy-re-authentication-mode' option decides when the proxy re-authentication timeout begins.
Syntax:
config system global
    set proxy-auth-lifetime enable
    set proxy-auth-lifetime-timeout <minutes>
    set proxy-re-authentication-mode {session | traffic | absolute}
end
FGT91E-1 (global) # set proxy-re-authentication-mode
session (default) <----- Proxy re-authentication timeout begins at the closure of the session.
traffic <----- Proxy re-authentication timeout begins after traffic has not been received.
absolute <----- Proxy re-authentication timeout begins when the user was first created.
In 7.0 and above, the commands have been changed:
config system global
    set proxy-keep-alive-mode {session | traffic | re-authentication}
end
session -> Proxy keep-alive timeout begins at the closure of the session.
traffic -> Proxy keep-alive timeout begins after traffic has not been received.
re-authentication -> Proxy keep-alive timeout begins when the user is authenticated.
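The following is an added example, not Fortinet's code: a Python check that reads the 'config system global' block of a saved configuration and reports whether the lifetime cap described above is in effect, for both the pre-7.0 and 7.0+ mode settings. It assumes the config/set/end layout shown in this article with no nested blocks, and that an omitted setting holds its default; the function names and sample configurations are constructed for illustration.

```python
import re

# Mode values as listed in the article for each firmware generation.
MODE_KEYS = {
    "proxy-re-authentication-mode": {"session", "traffic", "absolute"},
    "proxy-keep-alive-mode": {"session", "traffic", "re-authentication"},  # 7.0 and above
}

def parse_global(config_text):
    """Collect 'set <key> <value>' pairs from the 'config system global' block."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system global":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(config_text):
    s = parse_global(config_text)
    findings = []  # an empty list means the lifetime cap is in effect
    if s.get("proxy-auth-lifetime", "disable") != "enable":  # omitted = default (disabled)
        findings.append("proxy-auth-lifetime disabled: no cap on total authenticated time")
    else:
        raw = s.get("proxy-auth-lifetime-timeout", "480")  # default per the article
        if not raw.isdigit() or not 5 <= int(raw) <= 65535:
            findings.append(f"proxy-auth-lifetime-timeout {raw} outside 5-65535")
    for key, allowed in MODE_KEYS.items():
        if key in s and s[key] not in allowed:
            findings.append(f"{key} {s[key]} not in {sorted(allowed)}")
    return findings

# Constructed sample configurations (not taken from a real device).
CAPPED = """config system global
    set hostname "FGT-LAB"
    set proxy-auth-lifetime enable
    set proxy-auth-lifetime-timeout 120
    set proxy-re-authentication-mode absolute
end"""
UNCAPPED = 'config system global\n    set hostname "FGT-LAB"\nend'
BAD_RANGE = CAPPED.replace("120", "2")
if __name__ == "__main__":
    for name, cfg in (("CAPPED", CAPPED), ("UNCAPPED", UNCAPPED), ("BAD_RANGE", BAD_RANGE)):
        print(name, audit(cfg) or "ok")
```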
Copyright 2024 Fortinet, Inc. All Rights Reserved.