Technical Tip: How to configure TTL value/hostname-limit for hostname cache entries
Description
This article describes how to configure the TTL value/hostname-limit for hostname cache entries stored by FortiGate.
Scope
FortiGate.
Solution
Command syntax:
config system network-visibility
(network-visibility) set hostname-ttl    <----- TTL of hostname table entries (60 - 86400).
hostname-ttl Enter an integer value from <60> to <86400> (default = <86400>).
(network-visibility) set hostname-limit    <----- Limit of the number of hostname table entries (0 - 50000).
hostname-limit Enter an integer value from <0> to <50000> (default = <5000>).
Default config:
config system network-visibility
set destination-visibility enable
set source-location enable
set destination-hostname-visibility enable
set hostname-ttl 86400
set hostname-limit 5000
set destination-location enable
end
[Screenshot: default value for hostname TTL/hostname-limit.]
diagnose test application dnsproxy 13 <----- This command shows the output of hostname cache.
To change the default value, use the following command:
config system network-visibility
(network-visibility) set hostname-ttl 36000 <----- In this example, 36000 seconds is used.
(network-visibility) set hostname-limit 1000 <----- In this example, the number of hostname entries is limited to 1000.
(network-visibility) end
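An added example, not from the original article or from Fortinet: a small Python check that reads saved configuration text and verifies hostname-ttl and hostname-limit against the ranges and defaults given above. The sample configuration is constructed, the function names are hypothetical, and treating an unset option as the default is an assumption.

```python
import re

# (low, high, default) for each option, as stated in this article.
LIMITS = {
    "hostname-ttl": (60, 86400, 86400),
    "hostname-limit": (0, 50000, 5000),
}

# Constructed sample using the values from the example above.
SAMPLE = """config system network-visibility
    set hostname-ttl 36000
    set hostname-limit 1000
end
"""

def parse_network_visibility(config_text):
    """Return {option: value} from the 'config system network-visibility' block."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system network-visibility":
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            match = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if match:
                settings[match.group(1)] = match.group(2).strip()
    return settings

def audit(config_text):
    """Return a list of (option, value, status) for the two cache options."""
    settings = parse_network_visibility(config_text)
    report = []
    for option, (low, high, default) in LIMITS.items():
        raw = settings.get(option)
        if raw is None:
            # Assumption: an option missing from the block is at its default.
            report.append((option, default, "default (not set)"))
        elif not raw.isdigit() or not low <= int(raw) <= high:
            report.append((option, raw, "out of range %d-%d" % (low, high)))
        else:
            status = "default" if int(raw) == default else "changed"
            report.append((option, int(raw), status))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("%-15s %-8s %s" % row)
```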

