FortiGate
carabhavi
Staff
Article Id 198211
Description
This article describes how to set the session TTL value to never.

Solution
To allow clients to permanently connect with legacy medical applications and systems that do not have keepalive or auto-reconnect features, the session timeout can be set to never for firewall services, policies, and VDOMs.
The options to disable session timeout are hidden in the CLI.

To set the session TTL value of a custom service to never:
# config firewall service custom
    edit "tcp_23"
        set tcp-portrange 23
        set session-ttl never               <---- Set to never.
    next
end
To set the session TTL value of a policy to never:
# config firewall policy
    edit 201
        set srcintf "wan1"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "TCP_8080"
        set logtraffic disable
        set session-ttl never           <----- Set to never.
        set nat enable
    next
end
To set the session TTL value of a VDOM to never:
# config system session-ttl
    set default never                        <----- Set to never.
    # config port
        edit 1
            set protocol 6
            set timeout never           <----- Set to never.
            set start-port 8080
            set end-port 8080
        next
    end
end
This feature is useful for applications such as live streams and medical applications, where sessions would otherwise be ended by the configured idle timeouts.

To view a session list with the timeout set to never:
# diagnose sys session list
session info: proto=6 proto_state=01 duration=9 expire=never timeout=never flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
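Because these options are hidden in the CLI, a never setting is easy to overlook when reviewing a configuration. The following added example (not part of the original article and not Fortinet code) parses configuration text in the syntax shown above and reports every service, policy, or VDOM session-ttl entry set to never; the function name and the sample configuration are constructed for illustration.

```python
# Constructed sample in the CLI syntax used in this article (not a real backup).
SAMPLE_CONFIG = """\
config firewall service custom
    edit "tcp_23"
        set tcp-portrange 23
        set session-ttl never
    next
end
config firewall policy
    edit 201
        set session-ttl never
    next
    edit 202
        set session-ttl 3600
    next
end
config system session-ttl
    set default never
    config port
        edit 1
            set timeout never
        next
    end
end
"""

def find_never_ttl(config_text):
    """Return (config path, edit id, setting) for each TTL set to never."""
    stack, findings = [], []  # stack of ("config" | "edit", name) frames
    for raw in config_text.splitlines():
        tokens = raw.strip().lstrip("#").split()  # tolerate a leading CLI prompt
        if not tokens:
            continue
        verb = tokens[0]
        if verb in ("config", "edit") and len(tokens) > 1:
            stack.append((verb, " ".join(tokens[1:]).strip('"')))
        elif verb in ("next", "end") and stack:
            stack.pop()
        elif verb == "set" and len(tokens) >= 3 and tokens[2] == "never":
            in_ttl = any(n == "system session-ttl" for _, n in stack)
            if tokens[1] == "session-ttl" or (in_ttl and tokens[1] in ("default", "timeout")):
                path = " / ".join(n for k, n in stack if k == "config")
                edit = next((n for k, n in reversed(stack) if k == "edit"), None)
                findings.append((path, edit, tokens[1]))
    return findings

if __name__ == "__main__":
    for finding in find_never_ttl(SAMPLE_CONFIG):
        print(finding)
```

The `default` and `timeout` keys are only matched inside `config system session-ttl`, so unrelated settings that happen to use those names elsewhere are not reported.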
