Hyperscale Firewall Guide

Session timeouts for individual hyperscale policies

You can use the following commands to create TCP and UDP session timeout profiles and then apply these profiles to individual hyperscale firewall policies.

Use the following command to create a TCP timeout profile:

config global
    config system npu
        config tcp-timeout-profile
            edit <tcp-profile-id>
                set tcp-idle <seconds>
                set fin-wait <seconds>
                set close-wait <seconds>
                set time-wait <seconds>
                set syn-sent <seconds>
                set syn-wait <seconds>
            end

Use the following command to create a UDP timeout profile:

config global
    config system npu
        config udp-timeout-profile
            edit <udp-profile-id>
                set udp-idle <seconds>
            end

Use the following command to apply a TCP and a UDP timeout profile to a hyperscale firewall policy:

config vdom
    edit <hyperscale-firewall-vdom-name>
        config firewall policy
            edit 1
                set action accept
                set policy-offload enable
                ...
                set tcp-timout-pid <tcp-profile-id>
                set udp-timout-pid <udp-profile-id>
                ...
            end

For more information about creating TCP timeout profiles, see Configuring hyperscale TCP timeout profiles.

For more information about creating UDP timeout profiles, see Configuring hyperscale UDP timeout profiles.
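
The following check is an added example, not part of the Fortinet guide: it reads a configuration written in the syntax shown above and lists offloaded policies whose `tcp-timout-pid` or `udp-timout-pid` is absent or points to a profile ID that is not defined. The sample configuration, its IDs and values, and the `audit` function are constructed for illustration, and a single VDOM is assumed.

```python
# Constructed sample in the syntax shown above; IDs and values are made up.
SAMPLE = """\
config global
config system npu
config tcp-timeout-profile
edit 5
set tcp-idle 1800
end
config udp-timeout-profile
edit 7
set udp-idle 60
end
end
end
config vdom
edit hs-vdom
config firewall policy
edit 1
set policy-offload enable
set tcp-timout-pid 5
set udp-timout-pid 9
next
edit 2
set policy-offload enable
set tcp-timout-pid 5
end
end
"""

PID_OPT = {"tcp-timeout-profile": "tcp-timout-pid", "udp-timeout-profile": "udp-timout-pid"}

def audit(text):
    """List (policy, option, problem) for offloaded policies lacking a defined profile."""
    defined, policies, stack, entry = {o: set() for o in PID_OPT.values()}, {}, [], {}
    for line in map(str.strip, text.splitlines()):
        table = stack[-1] if stack else None
        if line.startswith("config "):
            stack.append(line[7:])          # enter a table
        elif line == "end" and stack:
            stack.pop()                     # leave the innermost table
        elif line.startswith("edit ") and table in PID_OPT:
            defined[PID_OPT[table]].add(line[5:])
        elif line.startswith("edit ") and table == "firewall policy":
            entry = policies.setdefault(line[5:], {})
        elif line.startswith("set ") and table == "firewall policy":
            key, _, value = line[4:].partition(" ")
            entry[key] = value
    return [(pid, opt, "not set" if opt not in o else f"profile {o[opt]} undefined")
            for pid, o in policies.items() if o.get("policy-offload") == "enable"
            for opt, ids in defined.items() if o.get(opt) not in ids]
```

For the sample, `audit(SAMPLE)` reports policy 1 (UDP profile 9 is not defined) and policy 2 (no UDP profile set).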
