FortiGate
Article Id 196264
Description
The CLI can be used to change the TTL (time to live) for idle TCP sessions. When the TTL limit is reached, the session is dropped.
 
For firmware V4.0 and above, this is configurable per firewall policy. By default, each session uses the default TTL value from the system-wide session-ttl setting.

Scope
TCP, session-ttl, ttl, FortiOS 4.0, per firewall policy.
Solution
This example shows how to override the default TTL value with 150 seconds for a specific firewall policy.
 
config firewall policy
    edit 1                   // Where numerical value is the firewall policy ID.
        set session-ttl 150  // Set the session-ttl value to 150 secs.
    next
end
Note: This configuration is available for firmware V4.0 and above.
 
 
The default TTL value can be configured as shown below.
config system session-ttl
    set default 300        // Set the default session-ttl value to 300 secs.
end
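
An added example, not part of the original article or of Fortinet's tooling: a Python sketch that reads a saved configuration in the CLI layout shown above and resolves the effective idle TTL for each firewall policy, which is useful when auditing which policies deviate from the system-wide value. The sample configuration and the function name are constructed for illustration, and it assumes that a policy with no session-ttl line uses the system-wide default, as stated in the Description.

```python
# Constructed sample in the CLI layout shown in this article (not a real backup).
SAMPLE_CONFIG = """\
config system session-ttl
    set default 300
end
config firewall policy
    edit 1
        set session-ttl 150
    next
    edit 2
        set name "no-override"
    next
end
"""


def effective_session_ttl(config_text):
    """Return {policy_id: (ttl_seconds, source)}; source is "policy" or "default"."""
    default_ttl, overrides, policies = None, {}, []
    stack, policy_id = [], None          # open "config" sections, current "edit" entry
    for raw in config_text.splitlines():
        words = raw.split("//")[0].split()   # drop the article's // annotations
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end":
            if stack:
                stack.pop()
        elif stack == ["firewall policy"] and words[0] == "edit" and len(words) > 1:
            policy_id = words[1]
            policies.append(policy_id)
        elif stack == ["firewall policy"] and words[0] == "next":
            policy_id = None
        elif words[0] == "set" and len(words) >= 3 and words[2].isdigit():
            if stack == ["system session-ttl"] and words[1] == "default":
                default_ttl = int(words[2])
            elif stack == ["firewall policy"] and policy_id and words[1] == "session-ttl":
                overrides[policy_id] = int(words[2])
    # Resolve after the whole file is read, so section order does not matter.
    return {p: (overrides[p], "policy") if p in overrides else (default_ttl, "default")
            for p in policies}


if __name__ == "__main__":
    for pid, (ttl, source) in effective_session_ttl(SAMPLE_CONFIG).items():
        print(f"policy {pid}: session-ttl {ttl} secs (from {source})")
```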
