To avoid the possibility of an administrator walking away from the management computer and leaving it exposed to unauthorized personnel, you can add an idle time-out. That is, if the web-based manager is not used for a specified amount of time, the FortiGate unit will automatically log the administrator out. To continue their work, they must log in again.
The time-out can be set as high as 480 minutes, or eight hours, although this is not recommend.
To set the idle time out, go to System > Admin > Settings and enter the amount of time for the Idle Timeout. A best practice is to keep the default of 5 min.
When logging into the console using SSH, the default time of inactivity to successfully log into the FortiGate unit is 120 seconds (2 minutes). You can configure the time to be shorter by using the CLI to change the length of time the command prompt remains idle before the FortiGate unit will log the administrator out. The range can be between 10 and 3600 seconds. To set the logout time enter the following CLI commands:
config system global
set admin-ssh-grace-time <number_of_seconds>