Article Id 192319

Description

FortiGate timers for TCP half-close sessions

Components

FortiOS 2.80 MR6 and above

Steps or Commands

TCP provides the ability for one end of a connection to terminate its output while still receiving data from the other end. This is called a half-close.

A FortiGate unit applies a specific timer before removing the entry for a half-closed connection from the firewall session table, so that the end that is still sending can finish transmitting its data.

Typical applications that use the half-close mechanism are SQL*Net, rsh and lpr.

This timer depends on the FortiOS maintenance release:

MR6, MR7, MR8, and MR9 - 120 seconds

MR10 - configurable using the following CLI command:

# config system global
(global)# set tcp-halfclose-timer <integer>
(global)# end

CLI help text for this setting: "tcp half close timeout: 1-86400s, default 120s"
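The half-close sequence that this timer has to cover, reproduced on loopback as an added example (not code from the article or from Fortinet). The function names, the loopback endpoint, the sample payload and the model that the timer counts from the first FIN are assumptions made for the illustration.

```python
import socket
import threading
import time

HALFCLOSE_TIMER_DEFAULT = 120  # seconds; default quoted in the article


def _server(listener, reply_delay, seen):
    conn, _ = listener.accept()
    with conn:
        request = b""
        while (data := conn.recv(4096)):
            request += data
        # recv() returned b"": the client's FIN arrived, connection is half-closed
        seen["request"], seen["fin_at"] = request, time.monotonic()
        time.sleep(reply_delay)            # server still working on the request
        conn.sendall(b"RESULT for " + request)   # data flows after the client's FIN
    # leaving the with-block closes the socket and sends the server's FIN


def half_close_exchange(request, reply_delay=0.2):
    """Run one exchange on loopback; return (request seen, reply, half-closed seconds)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # constructed endpoint: ephemeral loopback port
    listener.listen(1)
    seen = {}
    worker = threading.Thread(target=_server, args=(listener, reply_delay, seen))
    worker.start()
    with socket.create_connection(listener.getsockname()) as client:
        client.sendall(request)
        client.shutdown(socket.SHUT_WR)    # half-close: send FIN, keep the read side open
        reply = b""
        while (data := client.recv(4096)):
            reply += data
        gap = time.monotonic() - seen["fin_at"]
    worker.join()
    listener.close()
    return seen["request"], reply, gap


def timer_sufficient(gap_seconds, timer=HALFCLOSE_TIMER_DEFAULT):
    # Assumption for this example: the session entry is removed `timer` seconds after the first FIN
    return gap_seconds < timer


if __name__ == "__main__":
    req, reply, gap = half_close_exchange(b"print job 1")
    print(req, reply, f"half-closed for {gap:.2f}s", timer_sufficient(gap))
```

Measuring the same gap for a real application gives a lower bound for the tcp-halfclose-timer value that application needs.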