B1202
New Member
January 11, 2018
Solved

FortiGate 500D - 5.4 Session-TTL Question


Hello,

 

Can someone tell me what the default session-ttl value is?  When I run config system session-ttl and show I get nothing.

    (session-ttl) # show
    config system session-ttl
    end

 

I see it set in various firewall policies as "set session-ttl 0" which tells the policy to use the default.  If the default above is not set what happens?  Is there a built in default it's not showing me?  I do not want to set a default and break anything. 

 

The issue I am having is users are occasionally getting timeouts when using a web application from outside > DMZ.  Sometimes it works fine and other times they get timeout errors.  When looking at FortiAnalyzer traffic logs I see some sessions as "firewall action: close" and others as "firewall action: timeout" 

 

The current policy that I am having issues with does NOT have any session-ttl values set.  The service (http) under config firewall service custom has "set session-ttl 0" which again points back to a default that isn't set.

 


B1202 (Author)
New Member
January 12, 2018

Hello,

 

Does anyone have any idea on this one?

tanr (Answer)
New Member
January 13, 2018

Default values aren't displayed with the "show" command.  If you instead enter "show full" you'll probably see:

 

    config system session-ttl
        set default 3600
    end

 

neonbit
New Member
January 13, 2018

You can also run the 'get' command to show the default values:

 

    fortigate (session-ttl) # get
    default : 3600
    port:
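
An added example, not part of the thread and not Fortinet tooling: a small Python audit of a saved FortiGate configuration that lists every `set session-ttl` it finds and resolves the value 0 to the system default, falling back to 3600 (the default reported in the answers above) when the `config system session-ttl` block is empty, as in plain `show` output. The sample configuration and the names `session_ttl_report`, `BUILTIN_DEFAULT` and `LONG-APP` are constructed for illustration.

```python
import re

BUILTIN_DEFAULT = 3600  # seconds; the value "show full" and "get" report in this thread

# Constructed sample in plain "show" style: the system block is empty.
SHOW_OUTPUT = """\
config system session-ttl
end
config firewall service custom
    edit "HTTP"
        set session-ttl 0
    next
    edit "LONG-APP"
        set session-ttl 7200
    next
end
config firewall policy
    edit 12
        set session-ttl 0
    next
end
"""

def session_ttl_report(config_text):
    """Return (default, {(table, entry): (configured, effective)}) in seconds.
    0 is resolved to the default; policy-versus-service precedence is not modelled."""
    stack, entry, default, found = [], None, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif len(stack) != 1:
            continue  # ignore nested tables such as per-port overrides
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line == "next":
            entry = None
        elif m := re.fullmatch(r"set (default|session-ttl) (\d+)", line):
            key, value = m.group(1), int(m.group(2))
            if stack[0] == "system session-ttl" and key == "default":
                default = value
            elif key == "session-ttl" and entry is not None:
                found[(stack[0], entry)] = value
    if default is None:  # hidden by plain "show", so assume the built-in value
        default = BUILTIN_DEFAULT
    return default, {k: (v, v or default) for k, v in found.items()}
```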