skaneria
Staff
Article Id 194357

Description


This article describes the default session timeout value (session-ttl) on a FortiGate device.

Solution

 

FortiGate keeps a session in its session table for a specific time while the session is idle. The default value of session-ttl is 3600 seconds, and it can be modified.

 

FGT # show full-configuration system session-ttl
config system session-ttl
    set default 3600 (Range: 300 - 2764800 seconds)
end

 

The default value for specific protocols can also be modified, as follows.

FGT # config system session-ttl
FGT (session-ttl) # config port
FGT (port) # edit 1
new entry '1' added
FGT (1) # set protocol
protocol Enter an integer value from <0> to <255>.
FGT (1) # set protocol 1 <--- protocol 1 is ICMP. Other protocol numbers are listed in the related link.
FGT (1) # end
FGT (session-ttl) # end

 

FGT # show full-configuration system session-ttl
config system session-ttl
    set default 3600
    config port
        edit 1
            set protocol 1
            set timeout 300 <--- default is 300 seconds
        next
    end
end
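
An added example (not part of the original article and not Fortinet code): a small Python parser for the `show full-configuration system session-ttl` output shown above. It checks the default against the range the article gives and lists per-protocol entries whose idle timeout exceeds a review threshold. The `max_idle` threshold and the sample's second entry are assumptions constructed for illustration.

```python
import re

# Range the article gives for "set default", in seconds.
DEFAULT_MIN, DEFAULT_MAX = 300, 2764800

# Constructed sample in the format of the output above (not from a real device).
SAMPLE = """\
config system session-ttl
    set default 3600
    config port
        edit 1
            set protocol 1
            set timeout 300
        next
        edit 2
            set protocol 6
            set timeout 86400
        next
    end
end
"""

def parse_session_ttl(text):
    """Return (default_ttl, {entry_id: {setting: value}}) from the config block."""
    default, ports, current = None, {}, None
    for raw in text.splitlines():
        line = raw.split("<---")[0].strip()      # drop article-style annotations
        m = re.match(r"set (\S+) (\d+)", line)   # numeric settings only
        if (e := re.match(r"edit (\d+)$", line)):
            current = ports.setdefault(int(e.group(1)), {})
        elif line == "next":
            current = None                       # leaving the per-entry context
        elif m and current is not None:
            current[m.group(1)] = int(m.group(2))
        elif m and m.group(1) == "default":
            default = int(m.group(2))
    return default, ports

def audit(text, max_idle=3600):
    """max_idle is a hypothetical review threshold, not a FortiOS setting."""
    default, ports = parse_session_ttl(text)
    findings = []
    if default is None or not DEFAULT_MIN <= default <= DEFAULT_MAX:
        findings.append(f"default {default} outside {DEFAULT_MIN}-{DEFAULT_MAX}")
    for eid, cfg in sorted(ports.items()):
        if cfg.get("timeout", 0) > max_idle:
            findings.append(f"entry {eid} (protocol {cfg.get('protocol')}): "
                            f"timeout {cfg['timeout']}s > {max_idle}s")
    return findings
```

Calling `audit()` on a saved copy of the device output returns a list of findings; an empty list means the default is within range and no entry keeps idle sessions longer than the chosen threshold.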

 

Related Links:
Protocol Numbers