Adjusting global DP3 timers
This section describes the global DP3 timers that you can adjust from the CLI. These timers affect the operation of the FortiGate-6000 DP3 processor.
config global
config system global
set dp-fragment-timer <timer>
set dp-pinhole-timer <timer>
set dp-tcp-normal-timer <timer>
set dp-udp-idle-timer <timer>
end
dp-fragment-timer
the time to wait for the next fragment of a fragmented packet. The range is 1 to 65535 seconds. The default is 120 seconds. See Load balancing TCP, UDP, and ICMP sessions with fragmented packets.
dp-pinhole-timer
the time to wait to close a pinhole if no more matching traffic that would use the pinhole is received by the DP3 processor. The range is 30 to 120 seconds. The default is 120 seconds.
dp-tcp-normal-timer
the time to wait before the DP3 processor closes an idle TCP session. The range is 1 to 65535 seconds. The default is 3605 seconds. Some FortiGate-6000 implementations may need to increase this timer if TCP or UDP sessions with NAT enabled are expected to be, or are found to be, idle for more than 3605 seconds.
dp-udp-idle-timer
the time to wait before the DP3 processor closes an idle UDP session. The range is 1 to 86400 seconds. The default is 0, which means the DP3 processor uses the UDP idle timer set by the udp-idle-timer option of the config system global command.
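
The following audit script is an added example, not part of the Fortinet documentation. It checks the DP3 timers in a configuration fragment against the ranges and defaults listed above and resolves the dp-udp-idle-timer 0 fallback to udp-idle-timer. The sample fragment and the function names are constructed for illustration.

```python
import re

# Ranges and defaults as stated in the section above: name -> (min, max, default)
DP3_TIMERS = {
    "dp-fragment-timer":   (1, 65535, 120),
    "dp-pinhole-timer":    (30, 120, 120),
    "dp-tcp-normal-timer": (1, 65535, 3605),
    "dp-udp-idle-timer":   (1, 86400, 0),
}

# Constructed sample config fragment, not taken from a real device.
SAMPLE_CONFIG = """\
config global
config system global
set udp-idle-timer 300
set dp-pinhole-timer 20
set dp-tcp-normal-timer 7200
set dp-udp-idle-timer 0
end
"""

def parse_sets(text):
    """Return {option: int} for every numeric 'set <option> <value>' line."""
    found = {}
    for m in re.finditer(r"^\s*set\s+(\S+)\s+(\d+)\s*$", text, re.MULTILINE):
        found[m.group(1)] = int(m.group(2))
    return found

def audit_dp3_timers(text):
    """Return (effective, problems) for the DP3 timers in a config fragment."""
    sets = parse_sets(text)
    effective, problems = {}, []
    for name, (lo, hi, default) in DP3_TIMERS.items():
        value = sets.get(name, default)  # unset options take the documented default
        # A value equal to the default is always accepted (covers dp-udp-idle-timer 0).
        if not (lo <= value <= hi) and value != default:
            problems.append(f"{name} {value} is outside {lo}-{hi}")
        effective[name] = value
    # dp-udp-idle-timer 0 means the DP3 processor uses udp-idle-timer instead.
    if effective["dp-udp-idle-timer"] == 0:
        effective["dp-udp-idle-timer"] = sets.get("udp-idle-timer")  # None if not set here
    return effective, problems

if __name__ == "__main__":
    eff, probs = audit_dp3_timers(SAMPLE_CONFIG)
    print(eff)
    print(probs)
```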