Fortigate - Session Timeouts

For places that have lots of sessions and you’re using the session view lots the DNS sessions tend to be like 40% of the active sessions. FortiGate keeps them open for 3600 seconds by default which is a waste since most of the time dns only needs a couple of seconds. It also can’t really reuse the sessions.
 
The below will set the FortiGate to age out non active DNS protocol sessions after 15 seconds.
 
config system session-ttl
        config port
            edit 53
                set protocol 17
                set timeout 15
                set start-port 53
                set end-port 53
            next
        end
end

Comments

Post a Comment

Popular posts from this blog

Home Internet Security

I've been enjoying the ad and malware protection provided by my home pfSense box with the pfblocker page recently, however I wanted to investigate additional alternatives for users with less sophisticated home networking setups. https://pfsense.org/ https://doc.pfsense.org/index.php/Pfblocker Free or inexpensive DNS filtering solutions for home/SMB use. OpenDNS - https://www.opendns.com/ 208.67.222.222 208.67.220.220 Comodo Secure DNS - https://www.comodo.com/secure-dns/ 8.26.56.26 8.20.247.20 Neustar DNS - http://www.neustar.biz/services/dns-services/free-recursive-dns 156.154.70.1 156.154.71.1 Web filtering software for additional endpoint protection. http://www.nxfilter.org/p2/ http://dnsredirector.com/ http://www.safernet.co.za/ http://www1.k9webprotection.com/
Read more

vCenter Server Appliance - Full Database Partition

Issues with your vCSA appliance locking up or crashing due to a full database volume?  Before you go too crazy looking at the database itself, or adding more space to the volume, see this bug. After upgrading to vCenter Server Appliance 5.5 Update 2, pg_log file reports this error: WARNING: there is already a transaction in progress (2092127) http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092127 SSH into vCenter vcenter:/ # df -h Filesystem      Size  Used Avail Use% Mounted on /dev/sda3       9.8G  3.7G  5.6G  41% / udev            4.0G  108K  4.0G   1% /dev tmpfs           4.0G     0  4.0G   0% /dev/shm /dev/sda1   ...
Read more

XCP-NG / Xen Orchestra (XOA) HomeLab Setup

 First things first - these resources/documentation are quite helpful during the setup process, especially if you are coming from the VMware side and haven't used Xen in many years. https://xcp-ng.org/docs/ https://xen-orchestra.com/docs/ https://www.linuxhelp.com/add-additional-hard-disk-xenserver https://support.citrix.com/article/CTX121313 Default Credentials Default Web UI credentials are admin@admin.net / admin Default console/SSH credentials are xoa / xoa (first login) Set Static Network Login to the console and run: xoa network static Sudo/Admin Access To avoid typing sudo for any admin command, you can have a root shell with sudo -s Storage Management (Work in Progress) During install, pick the install disk and then (1) disk for an initial VM datastore. If you select multiple disks it will try to span the SR across them. Only select (1) if available, the others will need to be added from the console after the initial installation is complete. *STRONGLY* recommended to use E...
Read more