My VOIP vendor states that 2% of calls are not getting a response. They state that it is probably a problem with the "NAT UDP pinhole timeout". They recommend a value of 60 to 300 seconds. I do not find a place to set the UDP timeout value.
I was hoping to set a rule between the interfaces with the source being the phone network and the destination being the VOIP provider with the correct services and an elevated timeout value they are looking for. I do not see anywhere the UDP timeout can be set at the rule, destination address or service level. Is this a system wide setting (which I cannot find either)?
The answer is in above online help. But the default timer is 3600 as in the doc. So something else it going on.
For anyone following. The document above is talking about the session-ttl. That is not the same as the UDP or ICMP ttl. So what finally solved the issue was the following:
config sys global
set udp-idle-timer 300
end
hmm, I thought they're the same but sys global setting sets session ttl timer for everything while the other overrides on top more granularly. The manual below says this:
https://help.fortinet.com/cli/fos60hlp/60/Content/FortiOS/fortiOS-cli-ref/config/system/global.htm
"set udp-idle-timer {integer} UDP connection session timeout. This command can be useful in managing CPU and memory resources (1 - 86400 seconds (1 day), default = 60). range[1-86400]"
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1741 | |
1109 | |
755 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.