CGN session timeout improvements
FortiOS 6.2.7 supports enhancements for controlling CGN session timeouts. In addition to improvements in how session timeouts are controlled, the following command now applies to hyperscale firewall carrier grade NAT sessions. Using this command you can define a session timeout for a specific protocol and port range.
config system session-ttl
config port
edit 1
set protocol <protocol-number>
set timeout <timeout>
set refresh-direction {outgoing | incoming | both}
set start-port <port>
set end-port <port>
end
protocol <protocol-number>
a protocol number in the range 0 to 255. Default 0.
timeout <timeout>
the time in seconds after which a matching idle session is terminated. Range 1 to 2764800. Default 300.
refresh-direction {outgoing | incoming | both}
control whether idle outgoing or incoming or both outgoing and incoming sessions are terminated when the timeout is reached. This option is new for FortiOS 6.2.7.
start-port <port>
/ end port <port>
the start and end ports in the range of ports that this session timeout configuration applies to. Range is 0 to 65535. Default is 0.
The |