Did You Know About Administrative Idle Timeout and How to Tweak It?
on 02-08-201901:18 AM - last edited on 02-11-201909:50 AM by ploera
The Idle Timeout (Device tab > Setup > Management tab > Authentication Settings) will automatically log out an administrator when the configured time of inactivity is reached. The configurable range is 0 to 1440 minutes. The default is 60 as shown in the screenshot below.
There are ways to prevent the Idle Timeout from being reached. You can configure it to "0 (never)," which means that inactivity will not trigger an automatic logout as shown in the screenshot below.
Idle Timeout NeverThere are some scenarios where you can have both cases at the same time. For instance, you can have administrators logged out automatically by the Idle Timeout while, at the same time, having administrators not being logged out even when the Idle Timeout is reached.
To achieve this, you'll need to adjust the Idle Timeout and refresh interval values, which you can find on certain pages. If the Idle Timeout value is higher than the refresh interval, then you will not be logged out automatically if you stay on that page, even if the Idle Timeout value is reached. The reason for this is because the refresh of those webpages (both manual and automatic) will reset the Idle Timeout counter.
For example, let's consider the default settings where the Idle Timeout is 60 minutes. If your administrator logs into your firewall and stays on the dashboard page with a refresh value of 1 minute then this administrator will never be logged out as long as he stays on this page.
Refresh is set for 1 minute
Every minute, the automatic refresh from this page will reset the Idle Timeout, preventing the administrator from being logged out automatically. Depending on your needs, this might be something useful for you or something you actually want to avoid.
If you want the Idle Timeout to effectively log out idle adminsitrators, then you need to make sure that the Idle Timeout value is lower than the actual refresh value. Alternatively, you can also set the refresh value to "Manual" as seen in the screenshot below.
Refresh is set to Manual
Setting this option to "Manual" will disable the automatic refresh on this page. In turn, the Idle Timeout will not be reset and administrators will be logged out automatically after enough inactivity. Unless you've configured it to "0" as explained earlier.