You have to set the timeout on the Fortinet device for the protocol you need. Example
for the Oracle SQLNet protocol, Fortigate CLI:

config system session-ttl
    set default 3600
    config port
        edit 1521
            set protocol 6
            set timeout 28800
            set end-port 1521
            set start-port 1521
        next
    end
end

With regards, Ivica

On Wed, Nov 9, 2022 at 9:09 AM Vieri Di Paola <vieridipa...@gmail.com>
wrote:

> On Wed, Nov 9, 2022 at 8:15 AM Simon Matter <simon.mat...@invoca.ch>
> wrote:
> >
> > > The Fortinet admin has set the following in his FW:
> > >
> > >             set protocol 6
> > >             set timeout 28800
> >               ^^^^^^^^^^^^^^^^^
> > What's this value exactly?
>
> I don't have access to a Fortinet Fortigate system right now (and I'm
> not the admin of the remote system anyway), but it seems to be a
> "session timeout" as Fortinet seems to treat every connection as a
> "session".
> If that were true I guess it might be the equivalent of
> net.netfilter.nf_conntrack_tcp_timeout_established which in my case is
> 86400.
> If that really were it then I wouldn't have to change anything.
> The thing is that Fortinet seems to be able to apply a specific
> timeout to a type of connection -- in this case any connection to port
> tcp 1521 -- while net.netfilter.nf_conntrack_tcp_timeout_established
> is system-wide.
>
> Or maybe Fortinet's "timeout" refers to something else.
>
> > Timeout can mean a lot. Could it be that the FW is doing some NAT and this
> > is the connection tracking timeout?
>
> I do not have that info.
>
> > Do you actually see any issues with these connections? Or do you just want
> > to have a matching configuration?
>
> Both.
> The user has an application which connects to a remote Oracle DB. At
> some point after x minutes idle the client software fails and
> complains about a connection error. I've been told that it's because
> of a timeout at FW level even though I'm guessing this wouldn't happen
> if the software and/or client/server OS were properly configured with
> keepalive connections.
>
> I'll try to get more info from Fortinet.
>
> Thanks
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
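
An added example, not part of the original thread or of any Fortinet or Shorewall code: it parses the session-ttl block quoted above, resolves the timeout that applies to a given protocol and port, and checks whether a TCP keepalive timer would fire before that timeout. The function names, the first-match rule order and the idea that a keepalive probe refreshes the firewall session are assumptions.

```python
# Added example, not code from the thread.
# SESSION_TTL is the block from the message above. "First matching rule wins"
# and "a keepalive probe refreshes the session" are assumptions, not FortiOS
# behaviour confirmed by the thread.
SESSION_TTL = """\
config system session-ttl
set default 3600
config port
edit 1521
set protocol 6
set timeout 28800
set end-port 1521
set start-port 1521
next
end
end
"""
LINUX_TCP_KEEPALIVE_TIME = 7200  # kernel default for net.ipv4.tcp_keepalive_time

def parse_session_ttl(text):
    """Return (default_ttl, [per-port rule dicts]) from a session-ttl block."""
    default, rules, cur = None, [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "edit":            # start of one per-port entry
            cur = {}
        elif tok[0] == "next" and cur is not None:
            rules.append(cur)           # entry finished
            cur = None
        elif tok[0] == "set" and len(tok) >= 3:
            if cur is None and tok[1] == "default":
                default = int(tok[2])
            elif cur is not None and tok[2].isdigit():
                cur[tok[1]] = int(tok[2])
    return default, rules

def effective_ttl(default, rules, protocol, port):
    """TTL for one flow: first rule matching protocol and port, else the default."""
    for r in rules:
        lo, hi = r.get("start-port", 0), r.get("end-port", 65535)
        if r.get("protocol") == protocol and lo <= port <= hi:
            return r.get("timeout", default)
    return default

def survives_idle(ttl, keepalive_time):
    """True if the first keepalive probe is sent before the session entry expires."""
    return keepalive_time < ttl
```

With the Linux default of 7200 seconds, a keepalive-enabled connection to port 1521 stays inside the 28800-second window, while the same connection under the 3600-second default would expire before its first probe.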