Created on 06-17-2009 09:23 AM Edited on 03-24-2022 07:19 AM By Anonymous
Description
You can change the TTL (time to live) for idle TCP sessions using the CLI. When the TTL limit is reached, the session is dropped.
Solution
Firmware versions prior to 4.0 MR1
This example shows how to set the default TCP TTL to 300 seconds and to set the TTL for TCP port 8787 to 3600 seconds.
config system session-ttl
    set default 300
    config port
        edit 8787
            set timeout 3600
        next
    end
end
Firmware versions 4.0 MR1 and above
This example shows how to set the default TCP TTL to 300 seconds and the TTL for TCP port 443 to 3600 seconds.
config system session-ttl
    set default 300
    config port
        edit 443
            set protocol 6
            set timeout 3600
            set end-port 443
            set start-port 443
        next
    end
end
Note that if VDOM is enabled, depending on the FortiOS version, the command might be available at global level or at VDOM level (v3.00 MR6 and above).
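The following is an added example, not part of the original article and not Fortinet tooling: a small Python parser that reads a saved `config system session-ttl` block in either syntax shown above and lists TTL values above a review threshold. The function names, the treatment of non-numeric values, and the 1800-second threshold are assumptions made for illustration.

```python
# Constructed sample: the pre-4.0 MR1 example from this article.
SAMPLE_OLD = "\n".join(["config system session-ttl", "set default 300", "config port",
                        "edit 8787", "set timeout 3600", "next", "end", "end"])

def parse_session_ttl(text):
    """Return (default_ttl, rules) from a 'config system session-ttl' block."""
    default_ttl, rules, entry = None, [], None
    in_block = in_port = False
    for line in text.splitlines():
        tok = line.split()
        if tok == ["config", "system", "session-ttl"]:
            in_block = True
        elif not tok or not in_block:
            continue
        elif tok == ["config", "port"]:
            in_port = True
        elif tok[0] == "edit" and in_port and len(tok) == 2:
            entry = {"id": int(tok[1])}
        elif tok[0] == "set" and len(tok) == 3:
            value = int(tok[2]) if tok[2].isdigit() else tok[2]
            if entry is not None:
                entry[tok[1]] = value
            elif tok[1] == "default":
                default_ttl = value
        elif tok[0] == "next" and entry is not None:
            # Older syntax has no start-port/end-port: the edit id is the TCP port.
            rules.append({"protocol": entry.get("protocol", 6),
                          "start": entry.get("start-port", entry["id"]),
                          "end": entry.get("end-port", entry["id"]),
                          "timeout": entry.get("timeout")})
            entry = None
        elif tok[0] == "end":
            # First 'end' closes 'config port', the second closes the block.
            in_port, in_block = False, in_port
    return default_ttl, rules

def long_lived(text, max_ttl=1800):
    """List TTLs above max_ttl (an assumed review threshold, not a Fortinet value)."""
    default_ttl, rules = parse_session_ttl(text)
    found = []
    if isinstance(default_ttl, int) and default_ttl > max_ttl:
        found.append(("default", default_ttl))
    for r in rules:
        # Non-numeric or missing timeouts are reported for manual review.
        if not isinstance(r["timeout"], int) or r["timeout"] > max_ttl:
            found.append((f'{r["protocol"]}/{r["start"]}-{r["end"]}', r["timeout"]))
    return found

if __name__ == "__main__":
    print(long_lived(SAMPLE_OLD))
```

Feed it the output saved from the device for this block; each finding is a per-port override (or the default) worth confirming against the application that needs the longer idle timeout.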