FortiGate 500D - 5.4 Session-TTL Question
Hello,
Can someone tell me what the default session-ttl value is? When I run config system session-ttl and show I get nothing.
    (session-ttl) # show
    config system session-ttl
    end
I see it set in various firewall policies as "set session-ttl 0" which tells the policy to use the default. If the default above is not set what happens? Is there a built in default it's not showing me? I do not want to set a default and break anything.
The issue I am having is users are occasionally getting timeouts when using a web application from outside > DMZ. Sometimes it works fine and other times they get timeout errors. When looking at FortiAnalyzer traffic logs I see some sessions as "firewall action: close" and others as "firewall action: timeout"
The current policy that I am having issues with does NOT have any session-ttl values set. The service (http) under config firewall service custom has "set session-ttl 0" which again points back to a default that isn't set.
Hello,
Does anyone have any idea on this one?
Default values aren't displayed with the "show" command. If you instead enter "show full" you'll probably see:
    config system session-ttl
        set default 3600
    end
You can also run the 'get' command to show the default values:
    fortigate (session-ttl) # get
    default : 3600
    port:
Thank you! This is exactly what I was looking for. I didn't realize there was a difference between show and show full-configuration. This has explained a lot!