By Manny Fernandez

November 15, 2018

TCP Timeout on Fortigate Firewall

Use Case:

Municipality Customer. Has a Fire station app that runs through a Fortigate to a server behind the Fortigate. This application is used to monitor some “Fire Thingy” (A technical term for I don’t know or care the particular of the application). However it runs off of TCP 4099 over a telnet like connection.

The situation occurred when the user would walk away from the terminal.

Steps we took:
Set up a packet capture to capture anything destined to the DST IP and on TCP 4099. We sew the three-way handshake (SYN, SYN-ACK, ACK) and after an hour, we saw ACK packets with the FIN flag set being dropped. It was obvious that the TCP session had timed out.

By default on the Fortigate, a session will remain open for 1 hour afterwhich it will be closed. To be clear, this is an established TCP session and should not be confused with half-open sessions. The Fortigate can control this setting on a per-policy basis.

Final Outcome:

We created a policy that was very specific with source and destination as well as service being defined in the policy. We then right-clicked on the policy in the GUI and clicked ‘edit in cli’.

Once in the CLI, you can run the following command:

LAB-FW (57) # set session-ttl
session-ttl Enter an integer value from <300> to <604800> or (special = <0>).

As you can see, the default is 0 which is one hour. You CAN do up to 168 hours. Once you enter the command with the desired time in seconds, hit enter and then ‘end’.Hope this helps.

UPDATE: You can also set the ’session-ttl’ in the service as well

config firewall service custom
edit "TCP-4098"
set tcp-portrange 4098
set session-ttl 28800
next

 

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • 1. High-Level Overview The FortiGate Wireless Intrusion Detection System... Full Story

  • What MIMO Actually Does Multiple Input, Multiple Output (MIMO)... Full Story

  • A practitioner's tour of the diagnose, test, and fnsysctl... Full Story