Description
This article describes how to change the session TTL value for idle TCP sessions using the CLI.
Scope
FortiGate.
Solution
When the TTL limit is reached, the session is dropped.
On FortiGate, this is configurable under each firewall policy.
By default, each session uses the default TTL value from the system-wide session-ttl setting.
config firewall policy
edit <policyID>
set session-ttl <value> <----- Enter an integer value from <300> to <2764800> or (special = <0>).
end
The default TTL value can be configured as shown below.
config system session-ttl
set default <value> <----- Integer, value range (300 - 2764800).
end
Note: The TTL value cannot be changed via the GUI. The GUI is designed for easier configuration, while advanced tuning (like TTL or kernel-level settings) is CLI-only.
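To review which TTL each policy ends up with, the following added example (not Fortinet code) parses a configuration backup and applies the fallback described above. The function names and the sample configuration are constructed for illustration; it assumes top-level `config`/`end` lines start at column 0, that policies contain no nested `config` blocks, and that the special value 0 means "use the system default".

```python
import re

TTL_MIN, TTL_MAX = 300, 2764800  # range given in the article

# Constructed sample in the layout of a FortiGate configuration backup.
SAMPLE_CONFIG = """\
config system session-ttl
    set default 1800
end
config firewall policy
    edit 1
    next
    edit 2
        set session-ttl 86400
    next
    edit 3
        set session-ttl 120
    next
    edit 4
        set session-ttl 0
    next
end
"""

def _section(text, header):
    """Lines between a top-level 'config <header>' and its column-0 'end'."""
    m = re.search(rf"^config {re.escape(header)}\s*$(.*?)^end\s*$", text, re.M | re.S)
    return m.group(1).splitlines() if m else []

def effective_ttls(text):
    """Map policy ID -> (TTL in seconds, status) for every policy in the backup."""
    body = "\n".join(_section(text, "system session-ttl"))
    m = re.search(r"^\s*set default (\d+)\s*$", body, re.M)
    default = int(m.group(1)) if m else None  # None: default not present in backup
    result, pid, raw = {}, None, "0"
    for line in _section(text, "firewall policy"):
        tok = line.split()
        if tok[:1] == ["edit"] and len(tok) == 2:
            pid, raw = int(tok[1]), "0"       # unset behaves like 0
        elif tok[:2] == ["set", "session-ttl"] and len(tok) == 3:
            raw = tok[2]
        elif tok == ["next"] and pid is not None:
            if raw == "0":                    # assumption: 0 = use system default
                result[pid] = (default, "inherited")
            elif raw.isdigit() and TTL_MIN <= int(raw) <= TTL_MAX:
                result[pid] = (int(raw), "override")
            else:                             # outside 300 - 2764800 or non-numeric
                result[pid] = (int(raw) if raw.isdigit() else raw, "out-of-range")
            pid = None
    return result
```

Policies reported as `override` with very large values are the ones worth a second look, since idle sessions matching them stay in the session table far longer than the system default allows.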
Copyright 2025 Fortinet, Inc. All Rights Reserved.