khan0234
New Contributor

Fortigate Firewall TCP idle connection timeout settings

Hi,

I am new to FortiGate and struggling to find out the current TCP idle connection timeout settings. Could you please let me know how to check them? These firewalls are configured with multi-VDOMs and managed via FortiManager.

Also, how do you change it?

Thanks in advance.

ali

emnoc
Esteemed Contributor III

Okay, you can do one of the following:

1: "diag sys session list" shows you the timer for each session and the countdown (expire)

2: To change it, you can build a custom application and set the ttl in that and anything else that you think you need to modify

e.g.

config firewall service custom
    edit blah
        set tcp-halfclose-timer 0
        set tcp-halfopen-timer 0
        set tcp-timewait-timer 0
        set udp-idle-timer 0
        set session-ttl 3900
    next
end

or

3: Go to global settings and do it, but I think you can only modify udp-timer. You need to check.

Heads up: if you call support and you are complaining about something and it's an application with custom timers, 9 out of 10 times they will tell you to undo it.

FWIW, I would not mess with idle timers unless you have a reason, and do it per custom-service imho

YMMV

Ken Felix

PCNSE NSE StrongSwan
seshuganesh
Staff

As per my knowledge, when a session is idle, the firewall will keep it for 3600 seconds by default.
If there is no traffic, it will remove the session.

You can go through this article for better understanding:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Default-session-timeout-value-session-ttl/...
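
An added example, not from either reply or from Fortinet: a small Python parser for saved session-list output that tallies the timeout actually applied per protocol and picks out established TCP sessions whose TTL differs from the 3600-second default mentioned above. It assumes each session begins with a `session info:` line of `key=value` fields including `proto`, `proto_state`, `expire` and `timeout`; the sample text and the function names are constructed for illustration.

```python
import re
from collections import Counter

DEFAULT_TTL = 3600  # default idle timeout (seconds) quoted in the thread

# Constructed sample in the assumed output format; not captured from a device.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=120 expire=3480 timeout=3600 flags=00000000 use=3
hook=post dir=org act=snat 10.0.0.5:51234->203.0.113.10:443(198.51.100.1:51234)
session info: proto=6 proto_state=01 duration=30 expire=3870 timeout=3900 flags=00000000 use=3
session info: proto=17 proto_state=00 duration=5 expire=175 timeout=180 flags=00000000 use=3
session info: proto=6 proto_state=05 duration=9 expire=1 timeout=10 flags=00000000 use=3
"""

HEADER = re.compile(r"^session info:\s*(.+)$")

def parse_sessions(text):
    """Return one dict per 'session info:' line; skip lines that do not parse."""
    sessions = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)
        try:
            sessions.append({
                "proto": int(fields["proto"]),
                "state": fields.get("proto_state", ""),
                "expire": int(fields["expire"]),    # seconds left before removal
                "timeout": int(fields["timeout"]),  # TTL applied to this session
            })
        except (KeyError, ValueError):
            continue  # truncated or unexpected header line
    return sessions

def timeout_summary(sessions):
    """Count sessions per (protocol number, applied timeout)."""
    return Counter((s["proto"], s["timeout"]) for s in sessions)

def non_default_tcp(sessions, default=DEFAULT_TTL):
    """Established TCP sessions whose TTL differs from the default.

    Assumption: a proto_state ending in '1' marks an established TCP session;
    half-open and time-wait sessions run on their own short timers and are skipped.
    """
    return [s for s in sessions
            if s["proto"] == 6 and s["state"].endswith("1") and s["timeout"] != default]

if __name__ == "__main__":
    all_sessions = parse_sessions(SAMPLE)
    print(dict(timeout_summary(all_sessions)))
    print(non_default_tcp(all_sessions))
```

Filtering on the established state keeps the short half-open and time-wait timers from being reported as if they were idle-timeout overrides.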
