FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 198770


This article describes that with the firewall policy rule setting 'set schedule-timeout enable', a FortiGate immediately forces the session to end when the 'Stop Time' of a recurring 'schedule' object is reached.

Additional configuration steps are required in order to keep the session active until is finished or expired.


Disabling the schedule-timeout would allow the session to remain open after the schedule has expired. The session will end by time-out or if any FIN or RST are seen. 
Through the CLI, the firewall policy firewall-session-dirty option is only available after changing the system settings:

1) Edit system settings:
# config system settings
    set firewall-session-dirty check-policy-option
2) Edit the firewall policy rule:
# config firewall policy
    edit <ID of the policy>
        set schedule-timeout disabled
        set firewall-session-dirty check-new
The status of the session will change to 'persistent' once the end time of the schedule is reached and the traffic continues flowing.
Related documents: