Hey there Mobile admins..
Recently, I’ve did some troubleshooting with Fortinet and ActiveSync timeout, also known as Event ID 3030 Source: Server ActiveSync with the following being output to the Application Log on an Exchange Server 2003 and 2007.
Event Type: Warning
Event Source: Server ActiveSync
Event Category: None
Event ID: 3033
The average of the most recent  heartbeat intervals used by clients is less than or equal to . Make sure that your firewall configuration is set to work correctly with Exchange ActiveSync and direct push technology. Specifically, make sure that your firewall is configured so that requests to Exchange ActiveSync do not expire before they have the opportunity to be processed.
Read more on the Direct Push in Technet : Understanding Direct Push , typically you will need to adjust your session TTL to no less then 12 minutes.
Fortinet lists the official help on the subject in http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&externalId=FD31862 – FD31862 – Customizing Session TTL in FortiOS 4.0 , FortiOS 4 also allows this in Per rule ! so for all those with FortiOS 3 ,
use the mentioned KB from Fortinet try the FortiOS CLI Reference..
Usually i set this time out to no less the 15 minutes or 900 seconds.. you’r call 🙂
-updated the link to Fortinet KB
12 thoughts on “Configure Session TTL / Timeout in Fortinet”
Thanks for the info. Could you tell me which ports are required to be set to the extended timeout? Also, did you have to change the timeout in IIS as well?
only port 443 for HTTPS , in my case..
i actually didn’t changed the timout in the IIS.
Cheers ! happy you’ve reached my blog 🙂
Thanks for the info, but I’m still getting the error. Any suggestions?
Well , it might be that the cellular provider is actually closing the connection. it might be that the firewall is okay.
if you still have doubts you could always put a sniffer and look for session termination..
The link to the fortingate solution seems to be broken.
I cannot find the information anywhere in de kb of fortinet.
Can you provide other link or short description?
Thanks for the heads up Johan, I’ve updated the link.
Session TTL is noted in the CLI reference guide, update if you have issues.
Happy holidays !
Here’s what to type from the FortiGate CLI:
config system session-ttl
set end-port 443
set protocol 6
set start-port 443
set timeout 1800
Microsoft Recommends a 30 minute HTTPS timeout for the best Direct Push Experience:
http://technet.microsoft.com/en-us/library/aa997252.aspx (Bottom Section of Article)
Thanks for sharing your comment Zack !
Did you now the session-ttl precedence tree? policy ttl have precedence over system/port?
I actually did not, can you provide us with a link ? i will modify the post 🙂
# config vdom
# edit “NAMEor Interface
# config system session-ttl
# config port
# edit 443
# set protocol 6
# set end-port 443
# set start-port 443
# set timeout 960
session-ttl precedence tree