FortiGate
krajaa
Staff
Article Id 192401

Description

 

This article describes how to control the lifetime of authenticated proxy users using the options below.

Solution

 

'proxy-auth-lifetime' is a cap on the total time a proxy user can remain authenticated, after which re-authentication takes place.
It is disabled by default.

Once enabled, set the lifetime timeout for authenticated users in minutes with 'proxy-auth-lifetime-timeout'.
The range is 5-65535. The default is 480 (or 8 hours).

The timeout option is only available when proxy-auth-lifetime is set to enable.


The 'proxy-re-authentication-mode' option determines when the proxy re-authentication timeout begins.

Syntax:

 

config system global
    set proxy-auth-lifetime enable
    set proxy-auth-lifetime-timeout <minutes>
    set proxy-re-authentication-mode {session | traffic | absolute}
end

 

FGT91E-1 (global) # set proxy-re-authentication-mode
session (default)    <----- Proxy re-authentication timeout begins at the closure of the session.
traffic              <----- Proxy re-authentication timeout begins after traffic has not been received.
absolute             <----- Proxy re-authentication timeout begins when the user was first created.

 

In 7.0 and above, the commands have changed:

 

config system global
    set proxy-keep-alive-mode {session | traffic | re-authentication}
end

session              -> Proxy keep-alive timeout begins at the closure of the session.
traffic              -> Proxy keep-alive timeout begins after traffic has not been received.
re-authentication    -> Proxy keep-alive timeout begins when the user is authenticated.
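
The following Python script checks a saved configuration for the options described above, covering both the pre-7.0 and the 7.0 option names. It is an added example, not part of the original article or Fortinet tooling. The sample configuration (including the decoy setting under the interface stanza) is constructed, the function names are hypothetical, and it assumes that options left at their defaults are absent from the backup.

```python
# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set proxy-auth-lifetime enable
    set proxy-auth-lifetime-timeout 3
    set proxy-re-authentication-mode absolute
end
config system interface
    edit "port1"
        set proxy-auth-lifetime-timeout 99999
    next
end
"""

# Mode values as listed in the article, keyed by the option name for each release.
MODES = {
    "proxy-re-authentication-mode": {"session", "traffic", "absolute"},
    "proxy-keep-alive-mode": {"session", "traffic", "re-authentication"},
}


def global_settings(config_text):
    """Return the 'set' pairs that sit directly inside 'config system global'."""
    settings, stack = {}, []
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith("config "):
            stack.append(line)
        elif line == "end" and stack:
            stack.pop()
        elif stack == ["config system global"] and line.startswith("set "):
            _, key, *value = line.split(None, 2)
            settings[key] = value[0].strip('"') if value else ""
    return settings


def audit_proxy_auth(config_text):
    """Return findings about the proxy authentication lifetime settings."""
    s = global_settings(config_text)
    # Assumption: an option missing from the backup is at its default value.
    if s.get("proxy-auth-lifetime", "disable") != "enable":
        return ["proxy-auth-lifetime disabled: total authenticated time is not capped"]
    findings = []
    timeout = s.get("proxy-auth-lifetime-timeout", "480")
    if not (timeout.isdigit() and 5 <= int(timeout) <= 65535):
        findings.append(f"proxy-auth-lifetime-timeout {timeout} is outside 5-65535")
    for option, allowed in MODES.items():
        if option in s and s[option] not in allowed:
            findings.append(f"{option} has unknown value {s[option]}")
    return findings
```

Calling `audit_proxy_auth(SAMPLE_CONFIG)` reports only the out-of-range timeout in the global block; the identically named line under the interface stanza is ignored because it is outside `config system global`.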