No session timeout
To allow clients to permanently connect with legacy medical applications and systems that do not have keepalive or auto-reconnect features, the session timeout can be set to never for firewall services, policies, and VDOMs.
The options to disable session timeout are hidden in the CLI.
To set the session TTL value of a custom service to never:
config firewall service custom edit "tcp_23" set tcp-portrange 23 set session-ttl never next end
To set the session TTL value of a policy to never:
config firewall policy edit 201 set srcintf "wan1" set dstintf "wan2" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "TCP_8080" set logtraffic disable set session-ttl never set nat enable next end
To set the session TTL value of a VDOM to never:
config system session-ttl set default never config port edit 1 set protocol 6 set timeout never set start-port 8080 set end-port 8080 next end end
To view a session list with the timeout set to never:
# diagnose sys session list session info: proto=6 proto_state=01 duration=9 expire=never timeout=never flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3 origin-shaper= reply-shaper= per_ip_shaper= class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255 state=log may_dirty f00 statistic(bytes/packets/allow_err): org=2290/42/1 reply=2895/34/1 tuples=2 tx speed(Bps/kbps): 238/1 rx speed(Bps/kbps): 301/2 orgin->sink: org pre->post, reply pre->post dev=18->17/17->18 gwy=172.16.200.55/10.1.100.41 hook=post dir=org act=snat 10.1.100.41:34256->172.16.200.55:23(172.16.200.10:34256) hook=pre dir=reply act=dnat 172.16.200.55:23->172.16.200.10:34256(10.1.100.41:34256) pos/(before,after) 0/(0,0), 0/(0,0) misc=0 policy_id=9 auth_info=0 chk_client_info=0 vd=1 serial=00000b27 tos=ff/ff app_list=0 app=0 url_cat=0 rpdb_link_id = 00000000 ngfwid=n/a dd_type=0 dd_mode=0 npu_state=0x000001 no_offload no_ofld_reason: disabled-by-policy total session 1