Cisco Support Community
Community Member

Requirements or recommendations UCCE for Fortigate Firewall and Session Timeouts settings

Are there any (written) requirements or recommendations regarding UCCE+CVP+CUCM (with CTI OS Toolkit Desktop), when using a Firewall (in this case Fortigate) and a Session Timeout setting?

I attempted to find any reference with no luck so far.


By default this Session Timeout is set to 60 minutes.

Can/will this cause any problems, for example Disconnected phones or Desktops after a while being "inactive"?


Any other advise / remark are also welcome and highly appreciated as well!





Everyone's tags (1)

Eric,CTI OS Toolkit Desktop


CTI OS Toolkit Desktop sends a heartbeat to CTIOS Server every 5 seconds by default.

Similarly, SCCP phones send a keepalive to their Primary CUCM server every 30 seconds, and their Secondary every 60 seconds (as defined in the phone's CUCM group):


These fall well within your 60 minute session timeout.


Community Member

Hi Jameson,Thanks for your

Hi Jameson,

Thanks for your reply.

The said keep-alive mechanisms of IP phone and client software are known to me, but the question is more about the Session Timeout behavior of the firewall.
As far as I understand Fortigate has the ability to link it to a (specific) port. I lack knowledge of Fortigate to be sure, hence the questions.
I imagine that it could be a problem if an application communicates over a specific port (eg 42027) and is not accessible to the standard ICMP (ping) port.


Regards, Eric

Community Member

 Firewall where? Between Side


Firewall where? Between Side A and Side B or between Agent PCs and Phones?

Does not matter which firewall you use - ports that are used mist be open.

If between Side A and Side B servers - then UCCE, CUCM, CVP etc ports must be open.

If between Agent Phones/ PCs and the servers, then Agent <-> UCCE/CUCM/CTI ports needs to be open accordingly.


Community Member

Hi Kartik,Thank you too for

Hi Kartik,

Thank you too for taking the time for reading/responding to my post.

To answer your question: These Firewall(s) are used (at least) between the central equipment and users (Phones and Desktop).

But the question is not about the specific ports which must be open to allow communications between the components, they are documented and known (more or less :-), but more about the behavior of the Firewall itself around Sessions.

A Firewall can close Sessions after a certain timeout when no traffic is detected between 2 points (for example between Desktop client and Desktop server).

I can imagine that this could create problems when the mechanism is active but bound to the "wrong ports" or any other configurable items. Hence the question about the availability of (written) notes, remarks, comments or alike which could be useful in such case.

Regards, Eric

CreatePlease to create content