FortinetFortinet
NSE4 · Question #87
NSE4 Question #87: Real Exam Question with Answer & Explanation
The correct answer is A: Sessions can be idle for no more than 1800 seconds.. The config system session-ttl set default 1800 command sets the default idle timeout for sessions on the FortiGate to 1800 seconds.
Submitted by minji_kr· Apr 18, 2026FortiGate Deployment and System Configuration
Question
Examine the following CLI configuration: config system session-ttl set default 1800 end What statement is true about the effect of the above configuration line?
Options
- ASessions can be idle for no more than 1800 seconds.
- BThe maximum length of time a session can be open is 1800 seconds.
- CAfter 1800 seconds, the end user must re-authenticate.
- DAfter a session has been open for 1800 seconds, the FortiGate sends a keepalive packet to both
Explanation
The config system session-ttl set default 1800 command sets the default idle timeout for sessions on the FortiGate to 1800 seconds.
Common mistakes.
- B. This command sets the idle timeout, not the absolute maximum length of time a session can be open; active sessions will reset their idle timer.
- C. The
session-ttlcommand manages session state termination based on inactivity, not user re-authentication; re-authentication is typically governed by authentication policies or timeouts. - D. FortiGate session-ttl refers to the session's idle timeout, and the device does not automatically send keepalive packets to prolong sessions based on this setting.
Concept tested. FortiGate session idle timeout (session-ttl)
Reference. https://docs.fortinet.com/document/fortigate/7.4.0/cli-reference/62078/config-system-session-ttl
Topics
#session management#session timeout#FortiGate CLI#system configuration
Community Discussion
No community discussion yet for this question.