This article describes how, when a firewall policy rule has 'set schedule-timeout enable', a FortiGate immediately forces the session to end when the 'Stop Time' of a recurring 'schedule' object is reached.
Additional configuration steps are required to keep the session active until it finishes or expires.
Disabling schedule-timeout allows the session to remain open after the schedule has expired. The session then ends by time-out or when a FIN or RST is seen.
Through the CLI, the firewall policy firewall-session-dirty option is only available after changing the system settings:
1) Edit system settings:
# config system settings
    set firewall-session-dirty check-policy-option
end
2) Edit the firewall policy rule:
# config firewall policy
    edit <ID of the policy>
        set schedule-timeout disable
        set firewall-session-dirty check-new
end
The status of the session will change to 'persistent' once the end time of the schedule is reached and the traffic continues flowing.
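To review which scheduled policies let sessions outlive their schedule, the following added example (not Fortinet code) parses a configuration backup and classifies each policy by the three settings above. The sample configuration is constructed, the result labels are hypothetical, and treating an absent schedule-timeout line as 'disable' is an assumption.

```python
import re

# Constructed sample of a configuration backup (not taken from the article).
SAMPLE = """\
config system settings
    set firewall-session-dirty check-policy-option
end
config firewall policy
    edit 10
        set schedule "work-hours"
        set schedule-timeout enable
    next
    edit 11
        set schedule "night-backup"
        set schedule-timeout disable
        set firewall-session-dirty check-new
    next
    edit 12
        set schedule "night-backup"
        set schedule-timeout disable
    next
end
"""
SET_RE = re.compile(r'set (\S+) "?([^"]*)"?$')

def parse(text):
    # Collect single-valued 'set' lines for system settings and each policy.
    system, policies, stack, current = {}, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            stack.append(line[len("config "):])   # track nesting depth
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("edit ") and stack == ["firewall policy"]:
            current = policies.setdefault(line.split()[1], {})
        elif (m := SET_RE.match(line)) and stack == ["system settings"]:
            system[m[1]] = m[2]
        elif m and stack == ["firewall policy"] and current is not None:
            current[m[1]] = m[2]
    return system, policies

def audit(text):
    system, policies = parse(text)
    vdom_ok = system.get("firewall-session-dirty") == "check-policy-option"
    # Assumption: a policy without a schedule-timeout line is treated as 'disable'.
    return {pid: "ends-at-stop-time" if p.get("schedule-timeout") == "enable"
            else "persistent" if vdom_ok and p.get("firewall-session-dirty") == "check-new"
            else "incomplete"   # the article's steps are only partly applied
            for pid, p in policies.items()}
```

Policies reported as "persistent" are the ones where traffic can continue after the schedule's stop time, so they are the entries to check against the intended access window.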