Hi,
I am new to FortiGate and struggling to find out the current TCP idle connection timeout settings. Could you please let me know how to check them? These firewalls are configured with multi-VDOMs and managed via FortiManager.
Also, how do you change it?
Thanks in advance.
Ali
Okay, you can do one of the following:
1: "diag systems session" shows you the timer for each session and the countdown (expire).
2: To change it, you can build a custom application and set the TTL in that, and anything else that you think you need to modify.
e.g.
config firewall service custom
    edit blah
        set tcp-halfclose-timer 0
        set tcp-halfopen-timer 0
        set tcp-timewait-timer 0
        set udp-idle-timer 0
        set session-ttl 3900
    next
end
or
3: Go to global settings and do it, but I think you can only modify the UDP timer. You need to check.
Heads up: if you call support and you are complaining about something, and it's an application with custom timers, 9 out of 10 times they will tell you to undo it.
FWIW, I would not mess with idle timers unless you have a reason, and do it per custom service, IMHO.
YMMV
Ken Felix
PCNSE
NSE
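Added here as an example, not Ken's or Fortinet's code: a small Python parser that reads saved output of the session list (Ken's point 1), reports each session's remaining idle time against its configured timeout, and picks out the TCP sessions that carry a non-default TTL, which is what a per-service session-ttl (point 2) produces. The sample output is constructed to mimic the session-list layout; the field names (expire=, timeout=, vd=, policy_id=) and the hook line format are assumptions to verify against your own firewall, and the 3600-second default is the value quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample output in the layout of "diagnose sys session list". The
# field names (proto=, duration=, expire=, timeout=, vd=, policy_id=) are an
# assumption about the real output; check them against your own firewall.
SAMPLE_SESSION_LIST = """\
session info: proto=6 proto_state=01 duration=15 expire=3585 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty npu none log-start
statistic(bytes/packets/allow_err): org=1364/15/1 reply=1092/14/1 tuples=2
orgin->sink: org pre->post, reply pre->post dev=5->3/3->5 gwy=10.0.0.1/192.168.1.10
hook=post dir=org act=snat 192.168.1.10:51234->203.0.113.5:443(10.0.0.2:51234)
hook=pre dir=reply act=dnat 203.0.113.5:443->10.0.0.2:51234(192.168.1.10:51234)
policy_id=12 auth_info=0 chk_client_info=0 vd=1
serial=0001a2b3 tos=ff/ff app_list=0 app=0 url_cat=0
session info: proto=6 proto_state=01 duration=1200 expire=2700 timeout=3900 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
state=log may_dirty npu none log-start
hook=post dir=org act=snat 192.168.1.20:40000->203.0.113.9:8443(10.0.0.2:40000)
hook=pre dir=reply act=dnat 203.0.113.9:8443->10.0.0.2:40000(192.168.1.20:40000)
policy_id=7 auth_info=0 chk_client_info=0 vd=1
session info: proto=17 proto_state=00 duration=5 expire=175 timeout=180 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
state=may_dirty npu none
hook=post dir=org act=snat 192.168.1.30:5353->198.51.100.7:53(10.0.0.2:5353)
hook=pre dir=reply act=dnat 198.51.100.7:53->10.0.0.2:5353(192.168.1.30:5353)
policy_id=3 auth_info=0 chk_client_info=0 vd=2
total session 3
"""

SESSION_HDR = re.compile(r"^session info:\s*(.*)$")
KV = re.compile(r"(\w+)=(\S*)")
# Only the originating-direction hook line is used for the endpoints.
ORG_HOOK = re.compile(r"^hook=\w+ dir=org act=\w+ (?P<src>[\d.]+:\d+)->(?P<dst>[\d.]+:\d+)")
TCP, UDP = 6, 17


@dataclass
class Session:
    proto: int
    duration: int   # seconds the session has existed
    expire: int     # seconds left before the idle timer removes it
    timeout: int    # configured idle TTL for this session
    vdom: Optional[int] = None
    policy_id: Optional[int] = None
    src: str = ""
    dst: str = ""


def parse_session_list(text: str) -> List[Session]:
    """Turn session-list output into Session records, one per 'session info:' block."""
    sessions: List[Session] = []
    cur: Optional[Session] = None
    for line in text.splitlines():
        hdr = SESSION_HDR.match(line)
        if hdr:
            f = dict(KV.findall(hdr.group(1)))
            cur = Session(int(f["proto"]), int(f["duration"]), int(f["expire"]), int(f["timeout"]))
            sessions.append(cur)
            continue
        if cur is None:
            continue  # preamble before the first session block
        hook = ORG_HOOK.match(line)
        if hook:
            cur.src, cur.dst = hook.group("src"), hook.group("dst")
        elif line.startswith("policy_id="):
            f = dict(KV.findall(line))
            cur.policy_id = int(f["policy_id"])
            cur.vdom = int(f["vd"])
    return sessions


def sessions_with_custom_ttl(sessions: List[Session], default_ttl: int = 3600) -> List[Session]:
    """TCP sessions whose timeout differs from the global default, i.e. ones that
    picked up a per-service session-ttl (the setting Ken's custom service changes)."""
    return [s for s in sessions if s.proto == TCP and s.timeout != default_ttl]


def report(sessions: List[Session]) -> List[str]:
    """One line per session: VDOM, proto, endpoints, policy, and idle time remaining."""
    return [
        f"vd={s.vdom} proto={s.proto} {s.src}->{s.dst} policy={s.policy_id} "
        f"expire={s.expire}/{s.timeout}s"
        for s in sessions
    ]


if __name__ == "__main__":
    parsed = parse_session_list(SAMPLE_SESSION_LIST)
    for line in report(parsed):
        print(line)
    for s in sessions_with_custom_ttl(parsed):
        print(f"non-default TCP TTL: {s.src}->{s.dst} timeout={s.timeout}")
```

On a multi-VDOM box, save the session list from each VDOM to a file and feed each file to parse_session_list; the vd= value carried on every record lets you group the results per VDOM, and the custom-TTL filter is a quick way to confirm which sessions actually matched the custom service after you push the change from FortiManager.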
StrongSwan
As far as I know, when a session is idle the firewall will keep it for the default of 3600 seconds.
If there is no traffic, it will remove the session.
You can go through this article for better understanding:
Copyright 2024 Fortinet, Inc. All Rights Reserved.