FortiGate Session Timeout

This article describes how to change the session TTL for a specific port; the example uses telnet (TCP port 23).

config system session-ttl
    set default 1800
    config port
        edit 1
            set protocol 6
            set timeout 3600
            set start-port 23
            set end-port 23
        next
    end
end

The session timeout is in seconds.

Protocol 6 is TCP.

Protocol 17 is UDP.

If you set protocol 0, the TTL applies to all protocols. Sessions that match no port entry use the value set with set default.
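To audit which services keep firewall state longest, here is an added example (not from the article or from Fortinet) that parses a session-ttl block in the format shown above and resolves the effective TTL for a session. It assumes the port checked is the session's service port and that the first matching entry wins when entries overlap; the sample config is constructed from the article's telnet entry plus a protocol-0 entry.

```python
# Added example, not from the article: parse a "config system session-ttl"
# block and return the effective TTL of a session, to audit which services
# keep state longest. Assumed (not stated on the page): the port checked is
# the session's service port; the first matching entry wins on overlap.
# Constructed sample: the article's telnet entry plus a protocol-0 entry.
SAMPLE_CONFIG = """\
config system session-ttl
    set default 1800
    config port
        edit 1
            set protocol 6
            set timeout 3600
            set start-port 23
            set end-port 23
        next
        edit 2
            set protocol 0
            set timeout 300
            set start-port 53
            set end-port 53
        next
    end
end
"""

def parse_session_ttl(text):
    # Returns (default_ttl, entries); each entry maps protocol, timeout,
    # start-port and end-port to integers.
    default, entries, current = None, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("set default "):
            default = int(line.split()[2])
        elif line.startswith("edit "):
            current = {}
        elif line.startswith("set ") and current is not None:
            _, key, value = line.split()
            current[key] = int(value)
        elif line == "next" and current is not None:
            entries.append(current)
            current = None
    return default, entries

def effective_ttl(protocol, port, text=SAMPLE_CONFIG):
    # Protocol 0 matches every protocol (as the article says); no match -> default.
    default, entries = parse_session_ttl(text)
    for e in entries:
        if e["protocol"] in (0, protocol) and e["start-port"] <= port <= e["end-port"]:
            return e["timeout"]
    return default
```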

Alternatively, you can change the TTL per firewall policy. As with the per-port TTL, this is only possible on the command line.

config firewall policy
  edit <policy-id>
    set session-ttl 1800
  next
end

It is also possible to change the TTL per application using Application Control on the CLI.