On Fortigate, it is TCP Session timeout, as far as I know.

With regards, Ivica

On Wed, Nov 9, 2022 at 2:09 PM Simon Matter <simon.mat...@invoca.ch> wrote:

> > You have to set timeout on Fortinet device for protocol you need. Example
> > for Oracle SQLNet protocol, Fortigate CLI:
> >
> > config system session-ttl
> > set default 3600
> > config port
> > edit 1521
> > set protocol 6
>       ^^^^^
> This one is clear, TCP.
>
> > set timeout 28800
>       ^^^^^^^^^^
> But here, what kind of timeout is this exactly? TCP session timeout, NAT
> connection tracking timeout or what?
>
> Regards,
> Simon
>
> > set end-port 1521
> > set start-port 1521
> > next
> > end
> > end
> >
> > With regards, Ivica
> >
> > On Wed, Nov 9, 2022 at 9:09 AM Vieri Di Paola <vieridipa...@gmail.com>
> > wrote:
> >
> >> On Wed, Nov 9, 2022 at 8:15 AM Simon Matter <simon.mat...@invoca.ch>
> >> wrote:
> >> >
> >> > > The Fortinet admin has set the following in his FW:
> >> > >
> >> > > set protocol 6
> >> > > set timeout 28800
> >> >   ^^^^^^^^^^^^^^^^^
> >> > What's this value exactly?
> >>
> >> I don't have access to a Fortinet Fortigate system right now (and I'm
> >> not the admin of the remote system anyway), but it seems to be a
> >> "session timeout" as Fortinet seems to treat every connection as a
> >> "session".
> >> If that were true I guess it might be the equivalent of
> >> net.netfilter.nf_conntrack_tcp_timeout_established which in my case is
> >> 86400.
> >> If that really were it then I wouldn't have to change anything.
> >> The thing is that Fortinet seems to be able to apply a specific
> >> timeout to a type of connection -- in this case any connection to port
> >> tcp 1521 -- while net.netfilter.nf_conntrack_tcp_timeout_established
> >> is system-wide.
> >>
> >> Or maybe Fortinet's "timeout" refers to something else.
> >>
> >> > Timeout can mean a lot. Could it be that the FW is doing some NAT and this
> >> > is the connection tracking timeout?
> >>
> >> I do not have that info.
> >>
> >> > Do you actually see any issues with these connections? Or do you just want
> >> > to have a matching configuration?
> >>
> >> Both.
> >> The user has an application which connects to a remote Oracle DB. At
> >> some point after x minutes idle the client software fails and
> >> complains about a connection error. I've been told that it's because
> >> of a timeout at FW level even though I'm guessing this wouldn't happen
> >> if the software and/or client/server OS were properly configured with
> >> keepalive connections.
> >>
> >> I'll try to get more info from Fortinet.
> >>
> >> Thanks
> >>
> >> _______________________________________________
> >> Shorewall-users mailing list
> >> Shorewall-users@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/shorewall-users
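The idle-timeout arithmetic discussed in this thread, as an added example that is not from any poster or from Shorewall or Fortinet. It assumes the Fortigate `timeout` is an idle-session timeout, as the reply above suggests, and uses the Linux default `net.ipv4.tcp_keepalive_time` of 7200 seconds; the helper names are hypothetical.

```python
import socket

# Idle timeouts in seconds, taken from the thread.
FORTIGATE_DEFAULT_TTL = 3600         # "set default 3600"
FORTIGATE_PORT_1521_TTL = 28800      # "set timeout 28800" for tcp/1521
LINUX_CONNTRACK_ESTABLISHED = 86400  # nf_conntrack_tcp_timeout_established
LINUX_DEFAULT_KEEPALIVE_TIME = 7200  # kernel default tcp_keepalive_time


def path_idle_limit(*timeouts):
    """An idle flow is forgotten by whichever stateful hop expires first."""
    return min(timeouts)


def survives_idle(keepalive_idle, idle_limit):
    """True if the first keepalive probe is sent before the state expires.

    keepalive_idle is None when SO_KEEPALIVE is off (no probes at all).
    """
    return keepalive_idle is not None and keepalive_idle < idle_limit


def pick_keepalive_idle(idle_limit, margin=0.5, floor=60):
    """Pick a probe start time comfortably below the path's idle limit."""
    return max(floor, int(idle_limit * margin))


def enable_keepalive(sock, idle, interval=30, probes=5):
    """Turn on keepalive and override the sysctl defaults for this socket."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    # Per-socket equivalents of tcp_keepalive_time/_intvl/_probes; the
    # constants are looked up by name because not every platform has them.
    for name, value in (("TCP_KEEPIDLE", idle),
                        ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        opt = getattr(socket, name, None)
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


if __name__ == "__main__":
    limit = path_idle_limit(FORTIGATE_PORT_1521_TTL, LINUX_CONNTRACK_ESTABLISHED)
    print("path idle limit:", limit)
    print("no keepalive survives:", survives_idle(None, limit))
    print("default keepalive survives:",
          survives_idle(LINUX_DEFAULT_KEEPALIVE_TIME, limit))
    print("default keepalive vs default ttl:",
          survives_idle(LINUX_DEFAULT_KEEPALIVE_TIME, FORTIGATE_DEFAULT_TTL))
```

Under these assumptions the default Linux keepalive interval fits inside the 28800-second rule for port 1521 but not inside the 3600-second default, and none of it applies unless the application enables `SO_KEEPALIVE` on its socket.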