On Wed, Nov 9, 2022 at 8:15 AM Simon Matter <simon.mat...@invoca.ch> wrote:
>
> > The Fortinet admin has set the following in his FW:
> >
> >             set protocol 6
> >             set timeout 28800
>               ^^^^^^^^^^^^^^^^^
> What's this value exactly?

I don't have access to a Fortinet Fortigate system right now (and I'm
not the admin of the remote system anyway), but it seems to be a
"session timeout" as Fortinet seems to treat every connection as a
"session".
If that were true I guess it might be the equivalent of
net.netfilter.nf_conntrack_tcp_timeout_established which in my case is
86400.
If that really were it then I wouldn't have to change anything.
The thing is that Fortinet seems to be able to apply a specific
timeout to a type of connection -- in this case any connection to port
tcp 1521 -- while net.netfilter.nf_conntrack_tcp_timeout_established
is system-wide.

Or maybe Fortinet's "timeout" refers to something else.

> Timeout can mean a lot. Could it be that the FW is doing some NAT and this
> is the connection tracking timeout?

I do not have that info.

> Do you actually see any issues with these connections? Or do you just want
> to have a matching configuration?

Both.
The user has an application which connects to a remote Oracle DB. At
some point after x minutes idle the client software fails and
complains about a connection error. I've been told that it's because
of a timeout at FW level even though I'm guessing this wouldn't happen
if the software and/or client/server OS were properly configured with
keepalive connections.

I'll try to get more info from Fortinet.

Thanks
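Added example, not from the thread or from Shorewall: a Python snippet that turns on TCP keepalive on the client socket and sizes the probes so a dead peer is noticed before the 28800 s firewall idle timer quoted above would silently drop the flow. The 50/50 split of the budget, the probe count and the fallback option names are my assumptions.

```python
import socket

# From the thread: the Fortinet policy for tcp/1521 uses "set timeout 28800"
# (seconds). The Linux system-wide counterpart is
# net.netfilter.nf_conntrack_tcp_timeout_established (86400 on the poster's box).
FW_IDLE_TIMEOUT = 28800

# Linux option names; macOS/BSD call the idle option TCP_KEEPALIVE instead.
# Assumed fallbacks: an option missing on this platform is simply skipped.
_KEEPIDLE = getattr(socket, "TCP_KEEPIDLE", getattr(socket, "TCP_KEEPALIVE", None))
_KEEPINTVL = getattr(socket, "TCP_KEEPINTVL", None)
_KEEPCNT = getattr(socket, "TCP_KEEPCNT", None)


def keepalive_params(fw_timeout, probes=5, idle_fraction=0.5):
    """Choose (idle, interval, count) so that idle + interval*count < fw_timeout.
    While the peer is alive the probes refresh the firewall's idle timer; if the
    peer is gone the socket errors out before the state entry expires, instead
    of the application hanging on a black-holed connection."""
    idle = max(1, int(fw_timeout * idle_fraction))
    interval = max(1, (fw_timeout - idle) // (probes + 1))
    return idle, interval, probes


def make_keepalive_socket(fw_timeout=FW_IDLE_TIMEOUT):
    """Create an unconnected TCP socket with keepalive tuned for fw_timeout and
    return it together with the values the kernel reports back."""
    idle, interval, count = keepalive_params(fw_timeout)
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for opt, val in ((_KEEPIDLE, idle), (_KEEPINTVL, interval), (_KEEPCNT, count)):
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, val)
    applied = {"keepalive": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)}
    for name, opt in (("idle", _KEEPIDLE), ("interval", _KEEPINTVL), ("count", _KEEPCNT)):
        applied[name] = sock.getsockopt(socket.IPPROTO_TCP, opt) if opt is not None else None
    return sock, applied


def fits(applied, fw_timeout=FW_IDLE_TIMEOUT):
    """True when a dead peer is detected before the firewall drops the flow."""
    if None in (applied["idle"], applied["interval"], applied["count"]):
        return False
    return applied["idle"] + applied["interval"] * applied["count"] < fw_timeout


if __name__ == "__main__":
    sock, applied = make_keepalive_socket()
    print(applied, "fits:", fits(applied))
    sock.close()
```

The sysctl the poster mentions is only a global default; on Linux a per-port timeout comparable to Fortinet's per-policy value can be attached to matching flows with nftables `ct timeout` objects (kernel 4.18 and later), so the keepalive tuning above and a matching conntrack timeout are complementary, not alternatives.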


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users