Fortinet Document Library

Version:

Version:


Table of Contents

Hyperscale Firewall Guide

Download PDF
Copy Link

CGN session timeouts

Using the following command you can define session timeouts for a specific protocols and port ranges for a CGNAT VDOM. These session timeouts apply to hyperscale firewall carrier grade NAT sessions processed by the current VDOM. You can set up different session timeouts for each CGNAT VDOM.

config system session-ttl

config port

edit 1

set protocol <protocol-number>

set timeout <timeout>

set refresh-direction {outgoing | incoming | both}

set start-port <port>

set end-port <port>

end

protocol <protocol-number> a protocol number in the range 0 to 255. Default 0.

timeout <timeout> the time in seconds after which a matching idle session is terminated. Range 1 to 2764800. Default 300.

refresh-direction {outgoing | incoming | both} control whether idle outgoing or incoming or both outgoing and incoming sessions are terminated when the timeout is reached. This option is new for FortiOS 6.4.6.

start-port <port> / end port <port> the start and end ports in the range of ports that this session timeout configuration applies to. Range is 0 to 65535. Default is 0.

CGN session timeouts

Using the following command you can define session timeouts for a specific protocols and port ranges for a CGNAT VDOM. These session timeouts apply to hyperscale firewall carrier grade NAT sessions processed by the current VDOM. You can set up different session timeouts for each CGNAT VDOM.

config system session-ttl

config port

edit 1

set protocol <protocol-number>

set timeout <timeout>

set refresh-direction {outgoing | incoming | both}

set start-port <port>

set end-port <port>

end

protocol <protocol-number> a protocol number in the range 0 to 255. Default 0.

timeout <timeout> the time in seconds after which a matching idle session is terminated. Range 1 to 2764800. Default 300.

refresh-direction {outgoing | incoming | both} control whether idle outgoing or incoming or both outgoing and incoming sessions are terminated when the timeout is reached. This option is new for FortiOS 6.4.6.

start-port <port> / end port <port> the start and end ports in the range of ports that this session timeout configuration applies to. Range is 0 to 65535. Default is 0.