Fortigate - Session Timeouts

For places that have lots of sessions and you’re using the session view lots the DNS sessions tend to be like 40% of the active sessions. FortiGate keeps them open for 3600 seconds by default which is a waste since most of the time dns only needs a couple of seconds. It also can’t really reuse the sessions.
 
The below will set the FortiGate to age out non active DNS protocol sessions after 15 seconds.
 
config system session-ttl
        config port
            edit 53
                set protocol 17
                set timeout 15
                set start-port 53
                set end-port 53
            next
        end
end

Comments

Post a Comment

Popular posts from this blog

Dell iDRAC 6 Update via SSH & TFTP

Below is syntax of racadm command to update iDRAC FW with TFTP Download the firmimg.d6 file and place it on your TFTP server. Connect to iDRAC via SSH and then run the appropriate command. racadm fwupdate -g -u -a < path > where path is the location on the TFTP server where the firmimg.d6 is stored including the TFTP server IP address Path: < TFTP Server IP > -d < Firmware image path on TFTP server > Case1: If firmimg.d6 image is in tftp root folder, path       racadm fwupdate -g -u -a < TFTP Server IP Address > Case2: If firmimg.d6 image is in sub folder of tftp root       racadm fwupdate -g -u -a < TFTP Server IP Address > -d < Sub folder Path >
Read more

vCenter Server Appliance - Full Database Partition

Issues with your vCSA appliance locking up or crashing due to a full database volume?  Before you go too crazy looking at the database itself, or adding more space to the volume, see this bug. After upgrading to vCenter Server Appliance 5.5 Update 2, pg_log file reports this error: WARNING: there is already a transaction in progress (2092127) http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092127 SSH into vCenter vcenter:/ # df -h Filesystem      Size  Used Avail Use% Mounted on /dev/sda3       9.8G  3.7G  5.6G  41% / udev            4.0G  108K  4.0G   1% /dev tmpfs           4.0G     0  4.0G   0% /dev/shm /dev/sda1       128M   21M  101M  18% /boot /dev/sdb1        20G  8.3G   11G  45% /storage/core /dev/sdb2        20G  3.6G   16G  19% /storage/log /dev/sdb3       256G  243G   51M 100% /storage/db vcenter:~ # cd /storage/db/vpostgres/ vcentereast:/storage/db/v
Read more

Update Intel NIC Firmware

 I needed to update the firmware on some Intel X540-T2 cards that I had gotten for my homelab.  The cards didn't appear to have been updated in some time. https://downloadcenter.intel.com/download/29137/Ethernet-Intel-Ethernet-Connections-Boot-Utility-Preboot-Images-and-EFI-Drivers?product=58954 After downloading the latest firmware from Intel, I was struggling on the bootutil update syntax.  I came across this blog post that was quite helpful. https://calvin.me/how-to-update-intel-nic-firmware I also found this Intel support article that broke down the syntax and options for the bootutil command. https://www.intel.com/content/www/us/en/support/articles/000005790/software.html My cards had both the PXE and UEFI firmware, so I had to use the following: bootutil64e.efi -UP=PXE+EFI -ALL -File=BootIMG.FLB
Read more