Tuesday, September 10, 2019

Limit LDAP User Session / Guest Session to X amount of time per Day/24hours


Okay, I've been trying to research this for days now.
And for some reason, I just can't find a solution or I'm just googling wrong. Honestly.

Just a basic requirement, I think: a user, whether part of AD, a guest user, a local user, or any kind of user, should have a connection/session limit PER DAY (or per 24 hours). The session limit will start after the first login of a day.

Just like in coffee shops, where a customer can only use the internet for maybe an hour or two, and then the account is no longer valid.
But for us, we are restricting our employees' Wi-Fi access to just 1 hour per day. They will be using their AD accounts (LDAP) for login.

After 1 hour they are disconnected, and then they won't be able to log in again until 24 hours have passed since the first login.

The Guest Management feature in FortiGate should be great, but it's only for guests.
We want the users to be from our AD (LDAP).
We can't use the FortiGate Schedule feature because that's for a fixed schedule.
The one-time scheduling is not ideal since we have a lot of employees.

The WLC has "Enable Session Timeout", but users can just log in again after being disconnected.

Can I do that with my current network setup? Is it possible?
FortiGate 500D Firewall
v5.6.3 build1547 (GA)

WLC : AIR-CT2504-K9
Software : 8.2.100.0

Windows Microsoft Active Directory
