Configure Session TTL / Timeout in Fortinet

Hey there Mobile admins..

Recently, I’ve did some troubleshooting with Fortinet and ActiveSync timeout, also known as Event ID 3030 Source: Server ActiveSync with the following being output to the Application Log on an Exchange Server 2003 and 2007.

Event Type: Warning
Event Source: Server ActiveSync
Event Category: None
Event ID: 3033
The average of the most recent [200] heartbeat intervals used by clients is less than or equal to [9]. Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.

Read more on the Direct Push in Technet : Understanding Direct Push , typically you will need to adjust your session TTL to no less then 12 minutes.

Fortinet  lists the official help on the subject in – FD31862 – Customizing Session TTL in FortiOS 4.0 , FortiOS 4 also allows this in Per rule ! so for all those with FortiOS 3 , use the mentioned KB from Fortinet try the FortiOS CLI Reference..

Usually i set this time out to no less the 15 minutes or 900 seconds.. you’r call 🙂

-updated the link to Fortinet KB

12 thoughts on “Configure Session TTL / Timeout in Fortinet”

  1. Thanks for the info. Could you tell me which ports are required to be set to the extended timeout? Also, did you have to change the timeout in IIS as well?

    1. only port 443 for HTTPS , in my case..
      i actually didn’t changed the timout in the IIS.

      Cheers ! happy you’ve reached my blog 🙂

    1. Well , it might be that the cellular provider is actually closing the connection. it might be that the firewall is okay.

      if you still have doubts you could always put a sniffer and look for session termination..

  2. The link to the fortingate solution seems to be broken.
    I cannot find the information anywhere in de kb of fortinet.
    Can you provide other link or short description?

    1. Thanks for the heads up Johan, I’ve updated the link.
      Session TTL is noted in the CLI reference guide, update if you have issues.

      Happy holidays !

  3. # config vdom
    # edit “NAMEor Interface
    # config system session-ttl
    # config port
    # edit 443
    # set protocol 6
    # set end-port 443
    # set start-port 443
    # set timeout 960
    # end

Leave a Reply