CGN session timeout improvements

FortiOS 6.2.7 supports enhancements for controlling CGN session timeouts. In addition to improvements in how session timeouts are controlled, the following command now applies to hyperscale firewall carrier grade NAT sessions. Using this command you can define a session timeout for a specific protocol and port range.

config system session-ttl
    config port
        edit 1
            set protocol <protocol-number>
            set timeout <timeout>
            set refresh-direction {outgoing | incoming | both}
            set start-port <port>
            set end-port <port>
        next
    end
end

protocol <protocol-number>: a protocol number in the range 0 to 255. Default 0.

timeout <timeout>: the time in seconds after which a matching idle session is terminated. Range 1 to 2764800. Default 300.

refresh-direction {outgoing | incoming | both}: controls whether idle outgoing sessions, idle incoming sessions, or both are terminated when the timeout is reached. This option is new for FortiOS 6.2.7.

start-port <port> / end-port <port>: the start and end ports of the port range that this session timeout configuration applies to. Range is 0 to 65535. Default is 0.

Note

The config system session-ttl command is a VDOM command, configured from a VDOM. However, there is a known issue that options set by this command apply to all CGNAT VDOMs and not just the VDOM in which they are set.
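The following Python is an added example, not Fortinet code and not part of the original page. It models one config port entry with the value ranges documented above (protocol 0 to 255, timeout 1 to 2764800 seconds, ports 0 to 65535, the three refresh-direction keywords), rejects out-of-range values before they reach the CLI, renders the nested config system session-ttl stanza, and resolves which timeout applies to a given protocol and port. The matching rule it uses (first entry whose protocol number is equal and whose start-port/end-port range contains the port) and the sample entries are assumptions of the example; the page does not describe how FortiOS orders overlapping entries. The practical point for a CGN deployment is that tighter timeouts on idle flows reduce the NAT state held open by abandoned sessions, so the ranges are worth validating offline before pushing a change to every CGNAT VDOM.

```python
from dataclasses import dataclass
from typing import Iterable, List

# Keywords accepted by 'set refresh-direction' as documented on the page.
REFRESH_DIRECTIONS = ("outgoing", "incoming", "both")


@dataclass(frozen=True)
class SessionTtlPort:
    """One 'config port' entry under 'config system session-ttl'.

    Field ranges and the 300 s / 0 defaults follow the option descriptions
    on the page. refresh-direction has no documented default, so it is required.
    """
    entry_id: int
    refresh_direction: str          # {outgoing | incoming | both}
    protocol: int = 0               # 0-255
    timeout: int = 300              # 1-2764800 seconds
    start_port: int = 0             # 0-65535
    end_port: int = 0               # 0-65535

    def __post_init__(self) -> None:
        # Validate every value against the documented range before rendering.
        if not 0 <= self.protocol <= 255:
            raise ValueError(f"protocol {self.protocol} outside 0-255")
        if not 1 <= self.timeout <= 2764800:
            raise ValueError(f"timeout {self.timeout} outside 1-2764800")
        if self.refresh_direction not in REFRESH_DIRECTIONS:
            raise ValueError(f"refresh-direction must be one of {REFRESH_DIRECTIONS}")
        for name, port in (("start-port", self.start_port), ("end-port", self.end_port)):
            if not 0 <= port <= 65535:
                raise ValueError(f"{name} {port} outside 0-65535")
        if self.start_port > self.end_port:
            raise ValueError("start-port must not exceed end-port")

    def matches(self, protocol: int, port: int) -> bool:
        # Assumption of this example: an entry applies when the protocol number
        # is equal and the port falls inside [start-port, end-port].
        return protocol == self.protocol and self.start_port <= port <= self.end_port


def render_cli(entries: Iterable[SessionTtlPort]) -> str:
    """Emit the nested FortiOS CLI stanza for the given entries."""
    lines: List[str] = ["config system session-ttl", "    config port"]
    for e in entries:
        lines += [
            f"        edit {e.entry_id}",
            f"            set protocol {e.protocol}",
            f"            set timeout {e.timeout}",
            f"            set refresh-direction {e.refresh_direction}",
            f"            set start-port {e.start_port}",
            f"            set end-port {e.end_port}",
            "        next",
        ]
    lines += ["    end", "end"]
    return "\n".join(lines)


def lookup_timeout(entries: Iterable[SessionTtlPort], protocol: int, port: int,
                   default: int = 300) -> int:
    """Return the timeout of the first matching entry, else the 300 s default."""
    for e in entries:
        if e.matches(protocol, port):
            return e.timeout
    return default


# Constructed sample entries (not from the page): keep idle TCP/443 sessions
# for an hour, but expire idle outgoing UDP/53 sessions after a minute.
SAMPLE_ENTRIES = [
    SessionTtlPort(1, "both", protocol=6, timeout=3600, start_port=443, end_port=443),
    SessionTtlPort(2, "outgoing", protocol=17, timeout=60, start_port=53, end_port=53),
]

if __name__ == "__main__":
    print(render_cli(SAMPLE_ENTRIES))
    print("TCP/443 ->", lookup_timeout(SAMPLE_ENTRIES, 6, 443))
    print("UDP/53  ->", lookup_timeout(SAMPLE_ENTRIES, 17, 53))
    print("TCP/22  ->", lookup_timeout(SAMPLE_ENTRIES, 6, 22))
```

Running the script prints the stanza ready to paste into a VDOM CLI session and shows that a port with no matching entry falls back to the 300 second default.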