FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Markus_M
Staff
Staff

Description
Customizing Session TTL on the FortiGate.

 


Scope

 


Solution
Customize the session timeout for a particular port on the FortiGate unit with the following CLI commands:

 # config system session-ttl
 # config port

     edit <port_range_index>
         set end-port <port_number_int>
         set protocol <protocol_int>
         set start-port <port_number_int>
         set timeout {<timeout_int> | never}
      end
end

It is necessary to configure both the start-port and end-port. To specify a range, the start-port value must be lower than the end-port value. To specify a single port, the start-port value must be identical to the end-port value. The range is 0 to 65535.

To enter a port number range you must set protocol to 6 for TCP sessions or to 17 for UDP sessions.

This can be used if stale TCP sessions need to be timed out faster, or should stay alive longer as certain software might need a longer session-ttl to keep functioning.
Note: Changing this without being aware of the consequences might though have negative impact.

For the port numbers:
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

 

Related Articles

Technical Tip: Change session ttl on firewall policy

Contributors