
Session-Aware Load Balancing Cluster Guide

5.2.11

Changing session timers

Go to Load Balance > Session > Timer to view and change load balancing session timers. These timers control how long the FortiController waits before closing a session or performing a similar activity. In most cases you do not have to adjust these timers, but they are available for performance tuning. The range for each timer is 1 to 15,300 seconds.

Use the following command to change these timers from the CLI:

config load-balance session-age
    set fragment 120
    set pin-hole 120
    set rsync 300
    set tcp-half-close 125
    set tcp-half-open 125
    set tcp-normal 3605
    set tcp-timewait 2
    set udp 185
end

Four of these FortiController timers have corresponding timers in the FortiGate-5000 configuration. The FortiController timers must be set to values greater than or equal to the corresponding FortiGate-5000 timers.

The worker timers are (default values shown):

config global
config system global
    set tcp-halfclose-timer 120
    set tcp-halfopen-timer 120
    set tcp-timewait-timer 1
    set udp-idle-timer 180
end

The following timers are supported:

age-interval tcp normal: The time to wait without receiving a packet before the session is considered closed. Default is 3605 seconds.
age-interval tcp timewait: The amount of time that the FortiController keeps normal TCP sessions in the TIME_WAIT state. Default is 2 seconds.
age-interval tcp half-open: The amount of time that the FortiController keeps normal TCP sessions in the HALF_OPEN state. Default is 125 seconds.
age-interval tcp half-close: The amount of time that the FortiController keeps normal TCP sessions in the HALF_CLOSE state. Default is 125 seconds.
age-interval udp: The amount of time that the FortiController keeps normal UDP sessions open after a packet is received. Default is 185 seconds.
age-interval pin-hole: The amount of time that the FortiController keeps pinhole sessions open. Default is 120 seconds.
age-interval rsync: When two FortiControllers are operating in HA mode, this timer controls how long a synced session can remain on the subordinate unit while inactive. If the session is active on the primary unit, rsync updates the session on the subordinate unit, so a long delay means the session is no longer active and should be removed from the subordinate unit. Default is 300 seconds.
age-interval fragment: To track fragmented frames, the FortiController creates fragmented sessions that track the individual fragments. Idle fragmented sessions are removed when this timer expires. Default is 120 seconds.
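
The rule stated earlier (each FortiController timer at least as large as its FortiGate-5000 counterpart, and every FortiController timer within 1 to 15,300 seconds) can be checked offline against saved configurations. The Python script below is an added example, not Fortinet code; the pairing of controller and worker timer names is an assumption inferred from the option names, and the sample configurations are constructed from the defaults shown on this page.

```python
import re

# Assumption: controller/worker pairing inferred from the option names on this page.
PAIRS = {"tcp-half-close": "tcp-halfclose-timer", "tcp-half-open": "tcp-halfopen-timer",
         "tcp-timewait": "tcp-timewait-timer", "udp": "udp-idle-timer"}
TIMER_MIN, TIMER_MAX = 1, 15300  # range the page states for each FortiController timer

def parse_set_lines(config_text):
    """Return {option: seconds} for every 'set <option> <integer>' line."""
    timers = {}
    for line in config_text.splitlines():
        m = re.fullmatch(r"\s*set\s+(\S+)\s+(\d+)\s*", line)
        if m:
            timers[m.group(1)] = int(m.group(2))
    return timers

def audit(controller_cfg, worker_cfg):
    """Report out-of-range controller timers and controller timers below the worker's."""
    ctrl, work = parse_set_lines(controller_cfg), parse_set_lines(worker_cfg)
    findings = [f"{n}={v} is outside {TIMER_MIN}-{TIMER_MAX}"
                for n, v in sorted(ctrl.items()) if not TIMER_MIN <= v <= TIMER_MAX]
    for c_name, w_name in PAIRS.items():
        if c_name in ctrl and w_name in work and ctrl[c_name] < work[w_name]:
            findings.append(f"{c_name}={ctrl[c_name]} is below worker {w_name}={work[w_name]}")
    return findings

# Constructed sample input: the default values shown on this page.
CONTROLLER_DEFAULTS = """config load-balance session-age
    set fragment 120
    set pin-hole 120
    set rsync 300
    set tcp-half-close 125
    set tcp-half-open 125
    set tcp-normal 3605
    set tcp-timewait 2
    set udp 185
end"""
WORKER_DEFAULTS = """config global
config system global
    set tcp-halfclose-timer 120
    set tcp-halfopen-timer 120
    set tcp-timewait-timer 1
    set udp-idle-timer 180
end"""

if __name__ == "__main__":
    print(audit(CONTROLLER_DEFAULTS, WORKER_DEFAULTS) or "no findings")
```

Running the audit after any tuning change, on both the FortiController and the worker side, catches a controller timer that has been lowered below the worker value it must cover.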
