Description
This article describes what is the meaning of 'admin-console-timeout 0'.
From the FortiOS Handbook, zero value is described as below:
'An idle timeout has been added for FortiGate console sessions (admin sessions connecting to a FortiGate console port or USB port).
By default the console timeout is set to 0 and console sessions will never timeout'.
The FortiGate CLI offers additional explanations:
'Console login timeout that overrides the admintimeout value. (15 - 300 seconds) (15 seconds to 5 minutes). 0 the default, disables this timeout'.
So the console session can still be disconnected even if configuring 'admin-console-timeout 0'.
The value of '0' will make FortiGate consider the 'admintimeout' setting.
Solution
The expected behavior is as follows. Firstly, '0' means 'admin-console-timeout' is not enabled. In this case, 'admintimeout' is used as a console session idle timer.
In the following configuration:
FortiGate # config system global
FortiGate (global) # show full-configuration | grep timeout
set admin-console-timeout 0 -> This counter is in seconds.
set admintimeout 1 -> This counter is in minutes.
set device-idle-timeout 300 -> This counter is in seconds.
set proxy-auth-timeout 300 -> This counter is in minutes.
set ldapconntimeout 500 -> This counter is in seconds.
set remoteauthtimeout 5 -> This counter is in seconds.
FortiGate (global) #'admin-console-timeout' is 0. admintimeout is configured as 1 min.
So the console session will be disconnected after 1 minute of idle time as admintimeout.
'admin-console-timeout' is allowed to be configured in the range of 15-300 seconds from the CLI.
FortiGate # config system global
FortiGate (global) # show full-configuration | grep timeout
set admin-console-timeout 20
set admintimeout 1
set explicit-proxy-auth-timeout 300
set ldapconntimeout 500
set remoteauthtimeout 5
FortiGate (global) #'admin-console-timeout' is configured as 20 seconds in this example.
The console session idle timer is overwritten from 'admintimeout 1 (min)' to 20 sec.
admin-console-timeout -> Enter an integer value from <15> to <300> or (special = <0>). This counter is in seconds.
This is intended to lower the timeout for a console session to a matter of seconds.
But to have a longer time while the session is active, this setting should be disabled (0), and the duration, in this case, will be given by the admintimeout value in minutes.
admintimeout -> Enter an integer value from <1> to <480> (default = <5>). -> This counter is in minutes.
Values minutes/seconds are described here:
Configure global attributes