Configuring authenticated access

Configuring authenticated access

When you have configured authentication servers, users, and user groups, you are ready to configure security policies and certain types of VPNs to require user authentication.

This section describes:

  • Authentication timeout
  • Password policy
  • Authentication protocols
  • Authentication in Captive Portals
  • Authentication in security policies
  • VPN authentication

 

Authentication timeout

An important feature of the security provided by authentication is that it is temporary—a user must re- authenticate after logging out. Also if a user is logged on and authenticated for an extended period of time, it is a good policy to have them re-authenticate at set periods. This ensures a user’s session is cannot be spoofed and used maliciously for extended periods of time — re-authentication will cut any spoof attempts short. Shorter timeout values are more secure.

 

Security authentication timeout

You set the security user authentication timeout to control how long an authenticated connection can be idle before the user must authenticate again. The maximum timeout is 1440 minutes (24 hours).

To set the security authentication timeout – web-based manager:

1. Go to User & Device > Authentication > Settings.

2. Enter the Authentication Timeout value in minutes.

The default authentication timeout is 5 minutes.

3. Select Apply.

 

SSL VPN authentication timeout

You set the SSL VPN user authentication timeout (Idle Timeout) to control how long an authenticated connection can be idle before the user must authenticate again. The maximum timeout is 259 200 seconds. The default timeout is 300 seconds.

 

To set the SSL VPN authentication timeout – web-based manager:

1. Go to VPN > SSL > Settings.

2. Under Idle Logout, make sure that Logout users when inactive for specified period is enabled and enter the Inactive For value (seconds).

3. Select Apply.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website