Reference
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Changing-the-TCP-session-TTL-time-to-live-on-a/ta-p/191711
Situation
The customer reported that the computer crashes when left idle for a period of time.
After restarting, the system returns to normal operation.
Solution 1 - Default Session timeout
[1] Log in to the FortiGate CLI.
[2] Change the default session TTL to 1 day (the default is 3600 seconds):
config system session-ttl
    set default 86400
end
Solution 2 - Port Session timeout
[1] Log in to the FortiGate CLI.
[2] Change the session TTL for TCP port 443 to 1 day (the default is 3600 seconds):
config system session-ttl
    config port
        edit 1
            set protocol 6
            set timeout 86400
            set start-port 443
            set end-port 443
        next
    end
end
Solution 3 - Policy Session timeout
[1] Log in to the FortiGate CLI.
[2] Change the session TTL for firewall policy 1 to 1 day (the default is 3600 seconds):
config firewall policy
    edit 1
        set session-ttl 86400
end
Troubleshooting
# Show sessions
diagnose sys session list
# Clear sessions (with no session filter set, this clears every session on the unit)
diagnose sys session clear
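
To confirm that the new TTL is actually applied, the `timeout=` field in saved `diagnose sys session list` output can be checked per session. The parser below is an added example, not part of the original note or of any Fortinet tooling. The sample dump is constructed and trimmed, the function names are hypothetical, and it assumes `proto_state=01` marks an established TCP session.

```python
import re

# Constructed sample in the layout printed by "diagnose sys session list",
# trimmed to the lines this check reads (documentation-range addresses).
SAMPLE = """\
session info: proto=6 proto_state=01 duration=120 expire=86280 timeout=86400 flags=00000000 use=3
hook=post dir=org act=snat 192.0.2.10:51544->198.51.100.20:443(203.0.113.1:51544)
misc=0 policy_id=1 auth_info=0
session info: proto=6 proto_state=01 duration=300 expire=3300 timeout=3600 flags=00000000 use=3
hook=post dir=org act=snat 192.0.2.11:40022->198.51.100.21:443(203.0.113.1:40022)
misc=0 policy_id=1 auth_info=0
session info: proto=6 proto_state=01 duration=15 expire=3585 timeout=3600 flags=00000000 use=3
hook=post dir=org act=snat 192.0.2.12:40100->198.51.100.22:22(203.0.113.1:40100)
misc=0 policy_id=2 auth_info=0
"""

INFO = re.compile(r"^session info: proto=(\d+) proto_state=(\d+) .*?expire=(\d+) timeout=(\d+)")
FLOW = re.compile(r"dir=org \S+ (\S+):(\d+)->(\S+?):(\d+)")
POLICY = re.compile(r"\bpolicy_id=(\d+)")

def parse_sessions(text):
    """Return one dict per 'session info:' block in the dump."""
    sessions, cur = [], None
    for line in text.splitlines():
        m = INFO.match(line)
        if m:
            cur = {"proto": int(m[1]), "state": m[2],
                   "expire": int(m[3]), "timeout": int(m[4])}
            sessions.append(cur)
        elif cur is None:
            continue
        elif (m := FLOW.search(line)) and "dport" not in cur:
            cur.update(src=m[1], dst=m[3], dport=int(m[4]))
        elif m := POLICY.search(line):
            cur["policy_id"] = int(m[1])
    return sessions

def not_using_ttl(sessions, want_ttl, proto=6, dport=None, state="01"):
    """Established sessions in scope whose timeout differs from want_ttl."""
    return [s for s in sessions
            if s["proto"] == proto and s["state"] == state
            and (dport is None or s.get("dport") == dport)
            and s["timeout"] != want_ttl]

if __name__ == "__main__":
    # Scope matches Solution 2: TCP (protocol 6), port 443, TTL 86400.
    for s in not_using_ttl(parse_sessions(SAMPLE), 86400, dport=443):
        print(f"{s['src']} -> {s['dst']}:{s['dport']} policy={s['policy_id']} "
              f"timeout={s['timeout']} expire={s['expire']}")
```
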