FortiGate
shlee
Staff
Article Id 193696
Description
session-ttl can be configured in three places. Priority follows the order 1 > 2 > 3 shown below: session-ttl under the firewall service overrides the setting under the firewall policy, and session-ttl under the firewall policy overrides the setting under config system session-ttl.

1. Under firewall service configuration
config firewall service custom
    edit "FTP"
        set category "File Access"
        set tcp-portrange 21
        set session-ttl 4800
    next
end

2. Under firewall policy
config firewall policy
    edit 4
        set srcintf "mgmt1"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "FTP"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set session-ttl 3600
    next
end

3. Under config system session-ttl
config system session-ttl
    config port
        edit 1
            set protocol 6
            set timeout 28800
            set start-port 21
            set end-port 21
        next
    end
end

Solution
It is recommended to avoid configuring session-ttl in multiple locations, as the settings may override each other, producing wrong timeout values and affecting traffic flow.
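One way to check a configuration backup for this overlap, as an added example that is not Fortinet code: the script parses the three locations and lists every session-ttl value that applies to a TCP port, ordered by the priority described above. The names `parse` and `candidates` are hypothetical. It assumes policies are matched by service only (interfaces and addresses are ignored), one service per policy, a single port or lo-hi range per service, and that a service-level value applies to any TCP session on that service's port.

```python
import shlex

SAMPLE = """config firewall service custom
    edit "FTP"
        set tcp-portrange 21
        set session-ttl 4800
    next
end
config firewall policy
    edit 4
        set service "ALL"
        set session-ttl 3600
    next
end
config system session-ttl
    config port
        edit 1
            set protocol 6
            set timeout 28800
            set start-port 21
            set end-port 21
        next
    end
end"""  # constructed sample: the article's three snippets, trimmed to the relevant lines

def parse(text):  # -> {config path: {edit name: {key: value}}}
    out, path, entry = {}, [], None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "end":
            path.pop()
        elif tok[0] == "edit":
            entry = out.setdefault("/".join(path), {}).setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2]
    return out

def candidates(cfg, port):  # (location, ttl) for a TCP port, highest priority first
    svcs = cfg.get("firewall service custom", {})
    def covers(name):  # assumption: single port or lo-hi range only
        lo, _, hi = svcs.get(name, {}).get("tcp-portrange", "0").partition("-")
        return int(lo) <= port <= int(hi or lo)
    hits = [("service " + n, s) for n, s in svcs.items() if covers(n)]
    hits += [("policy " + i, p) for i, p in cfg.get("firewall policy", {}).items()
             if p.get("service") == "ALL" or covers(p.get("service", ""))]
    hits += [("system rule " + i, r) for i, r in cfg.get("system session-ttl/port", {}).items()
             if r.get("protocol") == "6" and int(r["start-port"]) <= port <= int(r["end-port"])]
    return [(loc, int(t)) for loc, e in hits if (t := e.get("session-ttl") or e.get("timeout"))]
```

Calling `candidates(parse(SAMPLE), 21)` returns three pairs, which means port 21 has session-ttl set in all three locations; a port that returns more than one pair is a candidate for consolidation into a single location.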
