Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
irodriguez_FTNT
Staff
Staff

Created on ‎08-05-2016 02:22 AM

Technical Note: Keeping an active session when 'Schedule expiration' is disabled

Description
With the firewall policy rule setting 'set schedule-timeout disabled', a FortiGate immediately forces the session to end when the 'Stop Time' of a recurring 'schedule' object is reached.

Additional configuration steps are required in order to keep the session active until is finished or expired.

Solution
Through the CLI, follow the steps given below:

1) Edit the firewall policy rule
# config firewall policy
# edit <ID of the policy>
# set schedule-timeout disabled
# set firewall-session-dirty check-new
# end

2) Edit system settings
# config system settings
# set firewall-session-dirty check-policy-option
# end

The status of the session will change to 'persistent' once the end time of the schedule is reached and the traffic continues flowing.

1740
0 Kudos
Contributors

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media

Security Research

Company

News & Articles

Contact Us

Copyright 2022 Fortinet, Inc. All Rights Reserved.