The
firewall does not apply the Authentication Portal timeout if your
authentication policy uses default authentication enforcement objects
(for example,
default-browser-challenge
).To
require users to re-authenticate after the Authentication Portal
timeout, clone the rule for the default authentication object and
move it before the existing rule for the default authentication
object.