Fortinet black logo

Handbook

Expectation sessions

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:479135
Download PDF

Expectation sessions

FortiOS session helpers keep track of the communication of layer-7 protocols such as FTP and SIP that have control sessions and expectation sessions. Usually the control sessions establish the link between server and client and negotiate the ports and protocols that will be used for data communications. The session helpers then create expectation sessions through the FortiGate for the ports and protocols negotiated by the control session.

The expectation sessions are usually the sessions that actually communicate data. For FTP, the expectation sessions transmit files being uploaded or downloaded. For SIP, the expectation sessions transmit voice and video data. Expectation sessions usually have a timeout value of 30 seconds. If the communication from the server is not initiated within 30 seconds, the expectation session times out and traffic will be denied.

By default the FGSP does not synchronize expectation sessions and if a failover occurs, the sessions will have to be restarted.

If you want to synchronize expectation sessions so that they will continue after a failover, you can enter the following:

config system ha

set session-pickup enable

set session-pickup-expectation enable

end

Expectation sessions

FortiOS session helpers keep track of the communication of layer-7 protocols such as FTP and SIP that have control sessions and expectation sessions. Usually the control sessions establish the link between server and client and negotiate the ports and protocols that will be used for data communications. The session helpers then create expectation sessions through the FortiGate for the ports and protocols negotiated by the control session.

The expectation sessions are usually the sessions that actually communicate data. For FTP, the expectation sessions transmit files being uploaded or downloaded. For SIP, the expectation sessions transmit voice and video data. Expectation sessions usually have a timeout value of 30 seconds. If the communication from the server is not initiated within 30 seconds, the expectation session times out and traffic will be denied.

By default the FGSP does not synchronize expectation sessions and if a failover occurs, the sessions will have to be restarted.

If you want to synchronize expectation sessions so that they will continue after a failover, you can enter the following:

config system ha

set session-pickup enable

set session-pickup-expectation enable

end