Fortigate Firewall TCP idle connection timeout settings
Hi,
I am new to FortiGate and struggling to find out the current TCP idle connection timeout settings. Could you please let me know how to check them? These firewalls are configured with multi-VDOMs and managed via FortiManager.
Also, how do you change it?
Thanks in advance.
ali
- Labels: FortiManager
Okay, you can do one of the following:
1: "diag sys session list" shows you the timer for each session and the countdown (expire)
2: To change it, you can build a custom application and set the ttl in that and anything else that you think you need to modify
e.g.
config firewall service custom
    edit blah
        set tcp-halfclose-timer 0
        set tcp-halfopen-timer 0
        set tcp-timewait-timer 0
        set udp-idle-timer 0
        set session-ttl 3900
    next
end
or
3: Go to global settings and do it, but I think you can only modify udp-timer. You need to check.
Heads up: if you call support and you are complaining about something and it's an application with custom timers, 9 out of 10 times they will tell you to undo it.
FWIW, I would not mess with idle timers unless you have a reason, and do it per custom-service imho.
YMMV
Ken Felix
PCNSE
NSE
StrongSwan
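As an added example (not part of the reply above): one way to read the per-session timers out of a saved session listing and flag TCP sessions whose timeout differs from the 3600-second default mentioned in this thread. The sample text is constructed, and the "session info:" field layout (proto=, expire=, timeout=) is an assumption about the listing format; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample modelled on a session listing; the layout is an assumption.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=143 expire=3457 timeout=3600 flags=00000000
orgin->sink: org pre->post, reply pre->post dev=5->3/3->5
hook=post dir=org act=snat 10.0.0.5:51234->192.0.2.10:443(198.51.100.1:51234)
session info: proto=6 proto_state=01 duration=3800 expire=100 timeout=3900 flags=00000000
hook=post dir=org act=snat 10.0.0.6:40000->192.0.2.20:1521(198.51.100.1:40000)
session info: proto=17 proto_state=00 duration=5 expire=175 timeout=180 flags=00000000
hook=post dir=org act=snat 10.0.0.7:5353->192.0.2.53:53(198.51.100.1:5353)
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+:\d+->\d+\.\d+\.\d+\.\d+:\d+)")

def parse_sessions(text):
    """Return one dict per session: proto, expire, timeout, idle, flow."""
    sessions, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("session info:"):
            kv = dict(KV_RE.findall(line))
            try:
                current = {"proto": int(kv["proto"]), "expire": int(kv["expire"]),
                           "timeout": int(kv["timeout"]), "flow": None}
            except (KeyError, ValueError):
                current = None  # truncated or malformed header: skip this session
                continue
            # expire counts down from timeout, so the difference is the idle time
            current["idle"] = current["timeout"] - current["expire"]
            sessions.append(current)
        elif current is not None and current["flow"] is None:
            m = FLOW_RE.search(line)
            if m:
                current["flow"] = m.group(1)
    return sessions

def tcp_timeouts(sessions):
    """Count TCP (proto 6) sessions per configured timeout value."""
    return Counter(s["timeout"] for s in sessions if s["proto"] == 6)

def non_default_tcp(sessions, default=3600):
    """TCP sessions whose timeout is not the default, e.g. a custom service TTL."""
    return [s for s in sessions if s["proto"] == 6 and s["timeout"] != default]

if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE)
    print(dict(tcp_timeouts(parsed)))
    for s in non_default_tcp(parsed):
        print(s["flow"], "timeout", s["timeout"], "idle", s["idle"])
```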
As per my knowledge, when the session is idle, the firewall will keep it for the default of 3600 seconds.
In case there is no traffic, it will remove the session.
You can go through this article for better understanding:
