2.4.4 Ensure idle timeout time is configured

Information

The idle timeout period is the amount of time that an administrator will stay logged in to the GUI without any activity.

Best practice dictates setting admin idle timeout to prevent the risk of unauthorized access to the device, such as someone using a logged-in GUI on a PC that has been left unattended.

Solution

To change the idle timeout in the GUI:

1) Log in to FortiGate with Super Admin privileges.
2) Go to 'System' > 'Settings'.
3) In the 'Administration Settings' section, set the 'Idle timeout' value to five minutes by typing 5.
4) Click Apply.

To change the idle timeout in the CLI:

config system global
    set admintimeout 5
end
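
An audit-side check for this setting, added here as an example (it is not part of the benchmark or of any Fortinet tooling): it reads a saved configuration and reports the `admintimeout` value set under `config system global`, ignoring any other block. The sample configurations are constructed, and treating a missing line as 5 minutes is an assumption that the backup omits default values; set `ASSUMED_DEFAULT` to match your FortiOS version.

```python
import re

MAX_IDLE_MINUTES = 5   # value this recommendation sets
ASSUMED_DEFAULT = 5    # assumption: value in effect when the backup omits the line

def get_admintimeout(config_text):
    """Return admintimeout from 'config system global', or None if not set there."""
    depth = 0  # 0 = outside the block, 1 = directly inside it, >1 = nested table
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system global":
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                return None  # block closed without the setting
        elif depth == 1:
            match = re.fullmatch(r"set admintimeout (\d+)", line)
            if match:
                return int(match.group(1))
    return None

def audit(config_text, max_minutes=MAX_IDLE_MINUTES, default=ASSUMED_DEFAULT):
    """Report the configured and effective timeout and whether it passes."""
    configured = get_admintimeout(config_text)
    effective = default if configured is None else configured
    return {"configured": configured, "effective": effective,
            "compliant": 0 < effective <= max_minutes}

# Constructed sample backups (not taken from a real device).
SAMPLE_LONG = """config system global
    set admintimeout 30
    set hostname "fw-lab"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
end
"""
SAMPLE_OMITTED = """config system global
    set hostname "fw-lab"
end
"""

if __name__ == "__main__":
    for name, text in (("long", SAMPLE_LONG), ("omitted", SAMPLE_OMITTED)):
        print(name, audit(text))
```
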

Impact:

This is to prevent someone from accessing the FortiGate if the management PC is left unattended.

See Also

https://workbench.cisecurity.org/benchmarks/15284