There are three places where session-ttl can be configured. Priority is in the order 1 > 2 > 3 as listed below: session-ttl under firewall service overrides the setting under firewall policy, and session-ttl under firewall policy overrides the setting under config system session-ttl.
1. Under firewall service configuration
    config firewall service custom
        edit "FTP"
            set category "File Access"
            set tcp-portrange 21
            set session-ttl 4800
        next
    end
2. Under firewall policy
    config firewall policy
        edit 4
            set srcintf "mgmt1"
            set dstintf "port3"
            set srcaddr "all"
            set dstaddr "FTP"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic disable
            set session-ttl 3600
        next
    end
3. Under config system session-ttl
    config system session-ttl
        config port
            edit 1
                set protocol 6
                set timeout 28800
                set start-port 21
                set end-port 21
            next
        end
    end
It is recommended to avoid configuring session-ttl in multiple locations, as the settings may override each other, producing wrong timeout values and affecting traffic flow.
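One way to audit a configuration backup for this overlap, as an added example that is not Fortinet code: it lists every location that sets a TTL and picks the winner using the 1 > 2 > 3 order stated above. The names `find_ttls`, `effective`, `locations` and the location labels are hypothetical, and the script assumes the listed settings apply to the same traffic; it does not match ports, services or policies against each other.

```python
import shlex

# Constructed sample: the article's three snippets, trimmed, as one config text.
SAMPLE = """\
config firewall service custom
    edit "FTP"
        set session-ttl 4800
    next
end
config firewall policy
    edit 4
        set session-ttl 3600
    next
end
config system session-ttl
    config port
        edit 1
            set timeout 28800
        next
    end
end
"""
# (top-level block, setting) -> example's own label, in the article's 1 > 2 > 3 order.
WATCH = {("firewall service custom", "session-ttl"): "service",
         ("firewall policy", "session-ttl"): "policy",
         ("system session-ttl", "timeout"): "system"}
ORDER = list(WATCH.values())

def find_ttls(text):
    # Return [(location, entry id, seconds)] for every numeric TTL found.
    stack, entry, found = [], None, []
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
        elif tok[0] == "set" and stack and len(tok) > 2:
            loc = WATCH.get((stack[0], tok[1]))
            if loc and tok[2].isdigit():
                found.append((loc, entry, int(tok[2])))
    return found

def effective(found):  # highest-priority setting per the article, or None
    return min(found, key=lambda f: ORDER.index(f[0]), default=None)

def locations(found):  # distinct locations setting a TTL; >1 means overrides
    return sorted({f[0] for f in found}, key=ORDER.index)
```

If `locations()` returns more than one entry, the configuration has the overlap the recommendation above warns about.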