Fortinet Document Library

Version:

7.0.5
6.4.9
6.4.8

Version:

6.4.6
6.2.9
6.2.7

Version:

6.2.6

Table of Contents

Hyperscale Firewall Guide

6.4.8
7.0.5
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6
Download PDF
Copy Link

Hyperscale firewall session timeouts

Using the following command you can define session timeouts for a specific protocols and port ranges for a hyperscale firewall VDOM. These session timeouts apply to sessions processed by the current hyperscale firewall VDOM. You can set up different session timeouts for each hyperscale firewall VDOM.

config system session-ttl

config port

edit 1

set protocol <protocol-number>

set timeout <timeout>

set refresh-direction {outgoing | incoming | both}

set start-port <port>

set end-port <port>

end

protocol <protocol-number> a protocol number in the range 0 to 255. Default 0.

timeout <timeout> the time in seconds after which a matching idle session is terminated. Range 1 to 2764800. Default 300.

refresh-direction {outgoing | incoming | both} control whether idle outgoing or incoming or both outgoing and incoming sessions are terminated when the timeout is reached.

start-port <port> / end port <port> the start and end ports in the range of ports that this session timeout configuration applies to. Range is 0 to 65535. Default is 0.

Note

Global session timeouts apply to sessions in hyperscale firewall VDOMs that do not match config system session-ttl settings in individual hyperscale firewall VDOMs.

You can also override global and per-VDOM session timeouts by setting the tcp-timeout-pid and udp-timeout-pid options in a hyperscale firewall policy.

Hyperscale firewall session timeouts

Using the following command you can define session timeouts for a specific protocols and port ranges for a hyperscale firewall VDOM. These session timeouts apply to sessions processed by the current hyperscale firewall VDOM. You can set up different session timeouts for each hyperscale firewall VDOM.

config system session-ttl

config port

edit 1

set protocol <protocol-number>

set timeout <timeout>

set refresh-direction {outgoing | incoming | both}

set start-port <port>

set end-port <port>

end

protocol <protocol-number> a protocol number in the range 0 to 255. Default 0.

timeout <timeout> the time in seconds after which a matching idle session is terminated. Range 1 to 2764800. Default 300.

refresh-direction {outgoing | incoming | both} control whether idle outgoing or incoming or both outgoing and incoming sessions are terminated when the timeout is reached.

start-port <port> / end port <port> the start and end ports in the range of ports that this session timeout configuration applies to. Range is 0 to 65535. Default is 0.

Note

Global session timeouts apply to sessions in hyperscale firewall VDOMs that do not match config system session-ttl settings in individual hyperscale firewall VDOMs.

You can also override global and per-VDOM session timeouts by setting the tcp-timeout-pid and udp-timeout-pid options in a hyperscale firewall policy.