FortiGate
rmetzger (Staff)
Article Id 191711

Description


You can change the TTL (time to live) for idle TCP sessions using the CLI. When the TTL limit is reached, the session is dropped.


Solution

Firmware versions prior to 4.0 MR1

This example shows how to set the default TCP TTL to 300 seconds and to set the TTL for TCP port 8787 to 3600 seconds.

config system session-ttl
    set default 300
    config port
        edit 8787
            set timeout 3600
        next
    end
end

Firmware versions 4.0 MR1 and above

This example shows how to set the default TCP TTL to 300 seconds and the TTL for TCP port 443 to 3600 seconds.

config system session-ttl
    set default 300
    config port
        edit 443
            set protocol 6
            set timeout 3600
            set end-port 443
            set start-port 443
        next
    end
end



Note that if VDOMs are enabled, the command may be available at the global level or at the VDOM level, depending on the FortiOS version (v3.00 MR6 and above).
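The following Python helper is an added example, not part of the article or of FortiOS. It parses a `config system session-ttl` block in the syntax shown above, answers the question a reviewer usually has ("what idle timeout will a TCP session to port X actually get?"), and flags entries whose timeout is long enough to hold session-table state for a long time. It assumes that a matching `config port` entry overrides `set default`, that an entry without `start-port`/`end-port` (the pre-4.0 MR1 form) applies only to the port given in its `edit` id, and that an entry without `set protocol` is TCP (protocol 6). The sample configuration is constructed for this example and adds a hypothetical UDP range entry (`edit 5060`, ports 5060-5061) to exercise range and protocol matching.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the article's 4.0 MR1+ block plus a hypothetical
# UDP (protocol 17) range entry covering ports 5060-5061.
SAMPLE_CONFIG = """\
config system session-ttl
    set default 300
    config port
        edit 443
            set protocol 6
            set timeout 3600
            set end-port 443
            set start-port 443
        next
        edit 5060
            set protocol 17
            set timeout 900
            set start-port 5060
            set end-port 5061
        next
    end
end
"""


@dataclass
class PortEntry:
    entry_id: int
    protocol: int = 6          # assumption: entries without 'set protocol' are TCP
    start_port: Optional[int] = None
    end_port: Optional[int] = None
    timeout: Optional[int] = None


@dataclass
class SessionTtl:
    default: int
    entries: List[PortEntry]


def parse_session_ttl(text: str) -> SessionTtl:
    """Parse a 'config system session-ttl' block into a SessionTtl object."""
    default: Optional[int] = None
    entries: List[PortEntry] = []
    current: Optional[PortEntry] = None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "edit":
            current = PortEntry(entry_id=int(tokens[1]))
        elif tokens[0] == "next" and current is not None:
            # Pre-4.0 MR1 style entry: no explicit range, so it covers only its own id.
            if current.start_port is None:
                current.start_port = current.entry_id
            if current.end_port is None:
                current.end_port = current.entry_id
            entries.append(current)
            current = None
        elif tokens[0] == "set":
            key, value = tokens[1], int(tokens[2])
            if current is None:
                if key == "default":
                    default = value
            else:
                # 'start-port' -> start_port, 'end-port' -> end_port, etc.
                setattr(current, key.replace("-", "_"), value)
    if default is None:
        raise ValueError("no 'set default' found in session-ttl block")
    return SessionTtl(default=default, entries=entries)


def effective_timeout(cfg: SessionTtl, protocol: int, port: int) -> int:
    """Return the idle TTL (seconds) a session with this protocol/port receives.

    Assumption: the first port entry whose protocol and port range match wins;
    otherwise the table default applies.
    """
    for e in cfg.entries:
        if (e.protocol == protocol and e.timeout is not None
                and e.start_port <= port <= e.end_port):
            return e.timeout
    return cfg.default


def long_idle_entries(cfg: SessionTtl, limit_seconds: int) -> List[int]:
    """Return ids of entries whose timeout exceeds limit_seconds.

    Long idle TTLs keep entries in the session table for longer, which is
    worth reviewing on devices with memory pressure.
    """
    return [e.entry_id for e in cfg.entries
            if e.timeout is not None and e.timeout > limit_seconds]


if __name__ == "__main__":
    cfg = parse_session_ttl(SAMPLE_CONFIG)
    print("default:", cfg.default)
    print("TCP/443 ->", effective_timeout(cfg, 6, 443))
    print("TCP/80  ->", effective_timeout(cfg, 6, 80))
    print("UDP/5061 ->", effective_timeout(cfg, 17, 5061))
    print("entries over 30 min:", long_idle_entries(cfg, 1800))
```

Running the block against the sample prints a default of 300, 3600 for TCP/443, 300 for TCP/80 (falls back to the default), 900 for UDP/5061 (matched by the range entry), and lists entry 443 as exceeding a 30-minute review threshold. Feeding it the output of a device's own `show system session-ttl` lets you audit which ports have been given extended idle TTLs before changing the default.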
