FortiGate 500D - 5.4 Session-TTL Question

Author
bry1202
2018/01/11 11:49:38 (permalink)

Hello,
 
Can someone tell me what the default session-ttl value is?  When I run config system session-ttl and show I get nothing.
(session-ttl) # show
config system session-ttl
end
 
I see it set in various firewall policies as "set session-ttl 0", which tells the policy to use the default. If the default above is not set, what happens? Is there a built-in default it's not showing me? I do not want to set a default and break anything.
 
The issue I am having is users are occasionally getting timeouts when using a web application from outside > DMZ.  Sometimes it works fine and other times they get timeout errors.  When looking at FortiAnalyzer traffic logs I see some sessions as "firewall action: close" and others as "firewall action: timeout" 
 
The current policy that I am having issues with does NOT have any session-ttl values set.  The service (http) under config firewall service custom has "set session-ttl 0" which again points back to a default that isn't set.
 
#1
bry1202
Re: FortiGate 500D - 5.4 Session-TTL Question 2018/01/12 15:36:45 (permalink)
Hello,
 
Does anyone have any idea on this one?
#2
tanr
Re: FortiGate 500D - 5.4 Session-TTL Question 2018/01/12 17:23:58 (permalink)
Default values aren't displayed with the "show" command.  If you instead enter "show full" you'll probably see:
 
config system session-ttl
    set default 3600
end
 
#3
neonbit
Re: FortiGate 500D - 5.4 Session-TTL Question 2018/01/13 01:22:39 (permalink)
You can also run the 'get' command to show the default values:
 
fortigate (session-ttl) # get
default : 3600
port:
#4