Watchguard SAML autoLogout after 8 Hours
Hello all,
I have a question.
We use WatchGuard Mobile SSLVPN with MS SAML login, but all users are automatically disconnected after exactly 8 hours.
I found this log in my Dimension.
<?xml version:"1.0" encoding:"UTF-8"?> 3 1 236309 xxx@yyy.com 3 28800 180 SAML 4 3 3 0 0000000000000000 0000000000000000 2d80d3b825ee913a8483386b803498e4088b937e 1 0x0 122.231.34.22 0.0.0.0 SSLVPN-Users-SAML
28800: how can I edit this timeout value in the Firebox?
By the way: Firebox OS version is 12.11.1
Thanks a lot
Best Regards
Comments
From the docs:
"Timeout settings specify when the Firebox disconnects users from the Access Portal. The Session Timeout setting indicates the maximum amount of time a user can remain connected to the Access Portal. The Idle Timeout setting indicates the maximum amount of time a user can be idle while connected to the Access Portal."
Configure the Access Portal
section: Configure the User Connection Settings
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/access portal/access_portal_config.html#Configur
Hi @masterofdebian
I'd check the advanced options in your SSLVPN settings:
See:
(Manually Configure the Firebox for Mobile VPN with SSL)
https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/mvpn/ssl/configure_fb_for_mvpn_ssl_c.html
I'm not sure what specific debug log that is -- that may not represent your rekey/reauth time.
-James Carson
WatchGuard Customer Support
Hello Bruce,
But we haven't activated the Access Portal at all.
regards
Hello Bruce,
here is the screenshot.

thanks
Hello James,
here is the screenshot from the advanced settings.
12 Hours is the value.
Hello James,
I found the log in Dimension.
regards
sess_timeout value is 28800
This is a known bug and is tracked as:
FBX-28797 Session/idle timeouts do not take effect for SAML logins to the SSL VPN
We reported this issue in January 2025 and provided logs with various Watchguard and Azure SAML token changes, and it was determined that 8 hours is a hardcoded expiration for the samld process in the Fireware.
I was hoping to see a fix in 12.11.1, but it has not been resolved.