khan0234
New Member
March 9, 2021
Question

Fortigate Firewall TCP idle connection timeout settings

  • March 9, 2021
  • 2 replies
  • 20005 views

Hi,

I am new to FortiGate and struggling to find out the current TCP idle connection timeout settings. Could you please let me know how to check them? These firewalls are configured with multi-VDOMs and managed via FortiManager.

Also, how do you change it?

Thanks in advance.

ali

2 replies

emnoc
New Member
March 9, 2021

Okay, you can do one of the following:

1: "diag systems session" shows you the timer for each session and the countdown (expire).

2: To change it, you can build a custom application and set the ttl in that, and anything else that you think you need to modify.

e.g.

config firewall service custom
    edit "blah"
        # 0 leaves the per-service timer at the global default
        set tcp-halfclose-timer 0
        set tcp-halfopen-timer 0
        set tcp-timewait-timer 0
        set udp-idle-timer 0
        # idle TTL (seconds) for sessions matched by this service
        set session-ttl 3900
    next
end

or

3: Go to global settings and do it, but I think you can only modify udp-timer. You need to check.

Heads up: if you call support and you are complaining about something and it's an application with custom timers, 9 out of 10 times they will tell you to undo it.

FWIW, I would not mess with idle timers unless you have a reason, and do it per custom-service imho.

YMMV

Ken Felix
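The reply above points at the session table as the place to read the timer that actually applies to each connection. The script below is an added example, not from this thread or from Fortinet: it parses text pasted from `diagnose sys session list`, pulls the `timeout` (the idle timer in force for that session) and `expire` (seconds left on it) fields from each `session info:` line, and flags sessions whose timer differs from the default for their protocol. The sample output, the per-protocol defaults (TCP 3600 s, UDP 180 s) and the helper names are assumptions made for the example.

```python
"""Audit FortiGate session timers from pasted `diagnose sys session list` output.

Added example (not Fortinet's code). Each session block starts with a
`session info:` line carrying proto / duration / expire / timeout; the
`dir=org` line that follows gives the original-direction 5-tuple.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed FortiOS defaults: TCP idle TTL 3600 s (session-ttl),
# UDP idle timer 180 s (udp-idle-timer). Adjust if your box differs.
DEFAULT_TIMEOUT = {6: 3600, 17: 180}


@dataclass
class Session:
    proto: int          # IP protocol number (6 = TCP, 17 = UDP)
    duration: int       # seconds since the session was created
    expire: int         # seconds left before the idle timer removes it
    timeout: int        # idle timer applied to this session
    endpoints: str = ""  # "src:port->dst:port(nat)" from the dir=org line

    def is_custom_timeout(self) -> bool:
        """True when the timer is not the protocol default (e.g. a custom service TTL)."""
        return self.timeout != DEFAULT_TIMEOUT.get(self.proto, self.timeout)

    def idle_fraction(self) -> float:
        """0.0 = timer just refreshed, 1.0 = about to expire."""
        return 0.0 if self.timeout == 0 else 1.0 - self.expire / self.timeout


_INFO = re.compile(
    r"session info: proto=(\d+) proto_state=\w+ duration=(\d+) expire=(\d+) timeout=(\d+)"
)
_ORG = re.compile(r"dir=org act=\w+ (\S+->\S+)")


def parse_session_list(text: str) -> list[Session]:
    """Return one Session per `session info:` block in the pasted CLI output."""
    sessions: list[Session] = []
    for line in text.splitlines():
        m = _INFO.search(line)
        if m:
            proto, duration, expire, timeout = map(int, m.groups())
            sessions.append(Session(proto, duration, expire, timeout))
            continue
        m = _ORG.search(line)
        if m and sessions and not sessions[-1].endpoints:
            sessions[-1].endpoints = m.group(1)
    return sessions


def custom_timeout_sessions(sessions: list[Session]) -> list[Session]:
    """Sessions running on a non-default idle timer (worth explaining before a support call)."""
    return [s for s in sessions if s.is_custom_timeout()]


def nearest_expiry(sessions: list[Session]) -> Session | None:
    """The session closest to being aged out of the table."""
    return min(sessions, key=lambda s: s.expire, default=None)


# Constructed sample in the layout of `diagnose sys session list`; not real traffic.
SAMPLE_OUTPUT = """\
session info: proto=6 proto_state=01 duration=120 expire=3480 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
statistic(bytes/packets/allow_err): org=1200/10/1 reply=2400/12/1 tuples=2
hook=post dir=org act=snat 10.0.0.5:50000->203.0.113.10:443(198.51.100.1:50000)
hook=pre dir=reply act=dnat 203.0.113.10:443->198.51.100.1:50000(10.0.0.5:50000)
session info: proto=6 proto_state=01 duration=3000 expire=900 timeout=3900 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
statistic(bytes/packets/allow_err): org=5000/40/1 reply=9000/45/1 tuples=2
hook=pre dir=org act=noop 10.0.0.7:51000->10.1.0.20:1433(0.0.0.0:0)
hook=post dir=reply act=noop 10.1.0.20:1433->10.0.0.7:51000(0.0.0.0:0)
session info: proto=17 proto_state=01 duration=10 expire=170 timeout=180 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
statistic(bytes/packets/allow_err): org=80/1/1 reply=160/1/1 tuples=2
hook=pre dir=org act=noop 10.0.0.9:40000->10.1.0.53:53(0.0.0.0:0)
hook=post dir=reply act=noop 10.1.0.53:53->10.0.0.9:40000(0.0.0.0:0)
total session 3
"""

if __name__ == "__main__":
    found = parse_session_list(SAMPLE_OUTPUT)
    for s in found:
        print(f"proto={s.proto:<3} timeout={s.timeout:<5} expire={s.expire:<5} "
              f"idle={s.idle_fraction():.0%} {s.endpoints}")
    for s in custom_timeout_sessions(found):
        print(f"non-default timer {s.timeout}s on {s.endpoints}")
```

Run it against a real paste (`diagnose sys session list` inside the right VDOM; the session table is per VDOM) to see which sessions carry a custom-service TTL such as the 3900 s one from the reply, rather than guessing from the global configuration. The regexes match only the fields named in the lead-in, so extra lines FortiOS prints per session are ignored.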
seshuganesh
Staff
April 20, 2022

As per my knowledge, when the session is idle the firewall will keep it by default for 3600 seconds.
If there is no traffic, it will remove the session.

You can go through this article for better understanding:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Default-session-timeout-value-session-ttl/ta-p/194357