CLI Reference

config system ngfw-settings

Configure IPS NGFW policy-mode VDOM settings.

config system ngfw-settings
    Description: Configure IPS NGFW policy-mode VDOM settings.
    set match-timeout {integer}
    set tcp-halfopen-match-timeout {integer}
    set tcp-match-timeout {integer}
end

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| match-timeout | Number of seconds to wait before a security policy match for an idle non-TCP session (0 - 1800, default = 300, 0 means unlimited). | integer | Minimum value: 0 Maximum value: 1800 | 300 |
| tcp-halfopen-match-timeout | Number of seconds to wait before a security policy match for a session after one peer has sent an open session packet but the other has not responded (0 - 300, default = 8, 0 means unlimited). | integer | Minimum value: 0 Maximum value: 300 | 8 |
| tcp-match-timeout | Number of seconds to wait before a security policy match for an idle TCP session (0 - 1800, default = 300, 0 means unlimited). | integer | Minimum value: 0 Maximum value: 1800 | 300 |
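
An added example, not Fortinet code: a Python check that reads every `config system ngfw-settings` block from a saved configuration and compares each value with the ranges in the parameter table. The function name, the sample text, and the choice to report a value of 0 as a finding are assumptions made here; parameters that are not set are taken at their documented defaults.

```python
import re

# Ranges and defaults from the parameter table: (min, max, default).
LIMITS = {
    "match-timeout": (0, 1800, 300),
    "tcp-halfopen-match-timeout": (0, 300, 8),
    "tcp-match-timeout": (0, 1800, 300),
}
BLOCK_RE = re.compile(
    r"^[ \t]*config system ngfw-settings[ \t]*$(.*?)^[ \t]*end[ \t]*$",
    re.MULTILINE | re.DOTALL,
)
SET_RE = re.compile(r"^[ \t]*set[ \t]+(\S+)[ \t]+(\S+)[ \t]*$", re.MULTILINE)


def audit_ngfw_settings(config_text):
    """Return one (effective_values, findings) pair per ngfw-settings block."""
    results = []
    for block in BLOCK_RE.finditer(config_text):
        effective = {name: lim[2] for name, lim in LIMITS.items()}
        findings = []
        for name, raw in SET_RE.findall(block.group(1)):
            if name not in LIMITS:
                findings.append(f"{name}: not a documented ngfw-settings parameter")
                continue
            low, high, _ = LIMITS[name]
            if not raw.isdigit() or not low <= int(raw) <= high:
                findings.append(f"{name}: {raw} is outside {low}-{high}")
                continue  # rejected value, keep the documented default
            effective[name] = int(raw)
        # Assumption of this example: a timeout of 0 (unlimited) is worth review.
        for name, value in effective.items():
            if value == 0:
                findings.append(f"{name}: 0 means unlimited")
        results.append((effective, findings))
    return results


# Constructed sample, not taken from a real device.
SAMPLE = """\
config system ngfw-settings
    set match-timeout 0
    set tcp-halfopen-match-timeout 600
    set tcp-match-timeout 120
end
"""

if __name__ == "__main__":
    for effective, findings in audit_ngfw_settings(SAMPLE):
        print(effective, findings)
```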
