April 28, 2021

Technical Tip: Forcing session termination in scheduled firewall policies


Description


This article describes how, to increase productivity or set stricter rules, network administrators can apply firewall policies that allow specific applications to be accessed only under certain time schedules.

For example, an admin wants to restrict Internet access only during weekdays and for a specific amount of time:

On GUI:

 

spoojary_0-1739370314276.png

 

On CLI:

 

 


 
On GUI, select Policy & Objects -> Schedules.

spoojary_1-1739370416860.png
 
On CLI:
 
 
 
 
With the above configuration, traffic towards the Internet cannot traverse the firewall outside of 08:00 – 17:00. However, sessions initiated just before 17:00 will bypass the schedule and will be closed only when the user terminates them or when they eventually time out.

 

Scope

 

FortiGate.

 


Solution


To prevent the above behavior, enable the firewall policy setting 'schedule-timeout', which explicitly terminates all active sessions exactly at the upper limit of the configured schedule.

 

Note:

'schedule-timeout' is only available in the CLI settings of the firewall policy.
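
Because the setting is not visible in the GUI, one way to audit for it is to scan a configuration backup for policies that use a schedule other than "always" without 'schedule-timeout' enabled. This is an added example, not part of the original article: the sample configuration, schedule name and policy IDs are constructed, and the parser assumes policy entries contain no nested config blocks.

```python
# Constructed sample of a FortiGate configuration backup (not from the article).
# Policy 1 is scheduled without schedule-timeout, policy 2 has it enabled.
SAMPLE_CONFIG = '''\
config firewall schedule recurring
    edit "office-hours"
        set start 08:00
        set end 17:00
        set day monday tuesday wednesday thursday friday
    next
end
config firewall policy
    edit 1
        set schedule "office-hours"
        set action accept
    next
    edit 2
        set schedule "office-hours"
        set schedule-timeout enable
        set action accept
    next
    edit 3
        set schedule "always"
        set action accept
    next
end
'''

def policies_missing_schedule_timeout(config_text):
    """Return [(policy_id, schedule)] for scheduled policies whose sessions
    can outlive the schedule (schedule-timeout absent or disabled)."""
    findings, in_policy, current = [], False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            in_policy = (line == "config firewall policy")
        elif in_policy and line.startswith("edit "):
            current = {"id": line.split(None, 1)[1].strip('"')}
        elif in_policy and current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
        elif in_policy and line == "next" and current is not None:
            sched = current.get("schedule", "always")
            if sched != "always" and current.get("schedule-timeout") != "enable":
                findings.append((current["id"], sched))
            current = None
    return findings

if __name__ == "__main__":
    print(policies_missing_schedule_timeout(SAMPLE_CONFIG))
```
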