Did You Know About Administrative Idle Timeout and How to Tweak It?

Community Team Member

Learn more about the Idle Timeout and how setting this feature can help you. Take a moment to explore these quick tips to increase your visibility.

 

The Idle Timeout (Device tab > Setup > Management tab > Authentication Settings) will automatically log out an administrator when the configured time of inactivity is reached. The configurable range is 0 to 1440 minutes. The default is 60 as shown in the screenshot below.

 

[Screenshot: Idle Timeout]

There are ways to prevent the Idle Timeout from being reached. You can configure it to "0 (never)," which means that inactivity will not trigger an automatic logout as shown in the screenshot below.

 

[Screenshot: Idle Timeout Never]

There are some scenarios where you can have both cases at the same time. For instance, you can have some administrators logged out automatically by the Idle Timeout while, at the same time, other administrators are not logged out even when the Idle Timeout is reached.

 

To achieve this, you'll need to adjust the Idle Timeout and the refresh interval, which you can find on certain pages. If the Idle Timeout value is higher than the refresh interval, then you will not be logged out automatically if you stay on that page, even if the Idle Timeout value is reached. The reason is that every refresh of those webpages (both manual and automatic) resets the Idle Timeout counter.

 

For example, let's consider the default settings, where the Idle Timeout is 60 minutes. If your administrator logs into your firewall and stays on the dashboard page with a refresh value of 1 minute, then this administrator will never be logged out as long as he stays on this page.

[Screenshot: Refresh is set for 1 minute]

Every minute, the automatic refresh from this page will reset the Idle Timeout, preventing the administrator from being logged out automatically. Depending on your needs, this might be something useful for you or something you actually want to avoid.

 

If you want the Idle Timeout to effectively log out idle administrators, then you need to make sure that the Idle Timeout value is lower than the actual refresh value. Alternatively, you can also set the refresh value to "Manual" as seen in the screenshot below.

[Screenshot: Refresh is set to Manual]

Setting this option to "Manual" will disable the automatic refresh on this page. In turn, the Idle Timeout will not be reset and administrators will be logged out automatically after enough inactivity, unless you've configured the Idle Timeout to "0" as explained earlier.

 

Kiwi out !

Comments
L4 Transporter

Great article, I was trying to find the answer for this for so long.

Thanks a lot

L4 Transporter

If I change the setting to Manual, does it apply to my web session or will it affect sessions for other users also?

 

Is there any way I can change the refresh time interval for all users?

 

Does the refresh time interval need a commit?

Community Team Member

@MP18,

 

If I change the setting to Manual, does it apply to my web session or will it affect sessions for other users also?

  • It applies to this user only.

 

Is there any way I can change the refresh time interval for all users?

 

Does the refresh time interval need a commit?

  • No, it doesn't.

 

Cheers !

-Kiwi.

 
L1 Bithead

This is of course a way of ensuring you as an admin will be logged out, but of course if you look at it a different way: it is also a way for an admin that you want to get logged out, to prevent this from happening.
For example: I am the superuser and want to ensure that the members of the service desk always get logged out after 5 min of inactivity, there is no way I can prevent them from faking activity by just keeping the monitoring tab open on a refresh rate of X seconds.
Correct? 

L7 Applicator

@jpeeters1982,

That is correct. You could however create a script with the API that automatically logs out the other users and schedule it to run at 1700 if that is a requirement that you have. 
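
The scheduled API logout suggested in the reply above, sketched as an added example that is not part of the original thread or any vendor code. It assumes the operational commands `show admins` and `delete admin-sessions username <name>` are reachable through the XML API with an admin API key; the reply layout in `SAMPLE` and the `PAN_HOST` / `PAN_API_KEY` variable names are constructed for illustration.

```python
"""Added example: plan and send forced admin logouts over the PAN-OS XML API."""
import os
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SHOW_ADMINS = "<show><admins></admins></show>"

# Constructed sample reply; the element names and "Web"/"CLI" values are assumptions.
SAMPLE = """<response status="success"><result><admins>
<entry><admin>superuser</admin><from>10.0.0.5</from><type>Web</type></entry>
<entry><admin>desk1</admin><from>10.0.0.21</from><type>Web</type></entry>
<entry><admin>desk1</admin><from>10.0.0.21</from><type>CLI</type></entry>
<entry><admin>desk2</admin><from>10.0.0.22</from><type>Web</type></entry>
<entry><admin>backup</admin><from>10.0.0.9</from><type>CLI</type></entry>
</admins></result></response>"""


def plan_logouts(show_admins_xml, keep):
    """Return one delete command per admin with a web session, skipping `keep`."""
    root = ET.fromstring(show_admins_xml)
    if root.get("status") != "success":
        raise RuntimeError("show admins did not succeed")
    targets = {
        entry.findtext("admin")
        for entry in root.iter("entry")
        if entry.findtext("type") == "Web" and entry.findtext("admin") not in keep
    }
    return [
        f"<delete><admin-sessions><username>{escape(name)}</username>"
        "</admin-sessions></delete>"
        for name in sorted(targets)
    ]


def run_op(host, api_key, cmd):
    """Send one operational command; TLS verification stays at the default (on)."""
    url = f"https://{host}/api/?" + urllib.parse.urlencode({"type": "op", "cmd": cmd})
    req = urllib.request.Request(url, headers={"X-PAN-KEY": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    # PAN_HOST and PAN_API_KEY are hypothetical environment variable names.
    host, key = os.environ["PAN_HOST"], os.environ["PAN_API_KEY"]
    for cmd in plan_logouts(run_op(host, key, SHOW_ADMINS), keep={"superuser"}):
        print(cmd, run_op(host, key, cmd))
```

Run it from a scheduler at the cut-off time (1700 in the reply above) and list in `keep` any account that must stay logged in, including the one that owns the API key.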
