Which SSL timer can be used to mitigate a denial of service (DoS) attack on the SSL VPN portal?

Prepare for the Fortinet FortiGate 7.4 Administrator exam with detailed insights and expert tips. Master FortiGate configurations and security protocols to ace your certification. Equip yourself with the knowledge to pass confidently.

The correct choice is the SSL VPN http-request-header-timeout timer, which controls how long the FortiGate device waits to receive a complete HTTP request header during SSL VPN session establishment.

Configuring this timer limits how long the system will hold a connection open for an incomplete or slow request, which prevents the resource exhaustion that may occur during a DoS attack. If an attacker tries to overwhelm the VPN portal with numerous slow or malformed requests, the timer ensures that any request whose full header is not received within the defined timeframe is dropped. This frees up server resources and maintains availability for legitimate users.

The other timers mentioned serve different purposes, such as managing session duration or inactivity; they do not address incomplete HTTP headers during an active DoS attack targeting the SSL VPN portal. The http-request-header-timeout is therefore the timer suited to mitigating such attack scenarios.
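The resource-exhaustion argument above, as a simplified Python model added here (not FortiOS code and not part of the original page); the slot pool, arrival rates and timeout values are constructed assumptions. It goes slightly beyond the text by showing that a header deadline only helps when slow-connection rate times timeout stays below the slot pool.

```python
from dataclasses import dataclass

@dataclass
class Conn:
    opened_at: int
    completes_header: bool  # False models a client that never finishes its header

def simulate(header_timeout, slots=100, seconds=120, slow_per_sec=8, legit_per_sec=2):
    """Return (legit_served, legit_refused) for a portal with a fixed slot pool.

    header_timeout=None models no header deadline. Otherwise a connection whose
    header is still incomplete after that many seconds is dropped.
    All default values are constructed for illustration.
    """
    active = []
    served = refused = 0
    for now in range(seconds):
        kept = []
        for conn in active:
            age = now - conn.opened_at
            if conn.completes_header and age >= 1:
                served += 1   # full header arrived: request handled, slot released
            elif header_timeout is not None and age >= header_timeout:
                pass          # header deadline expired: connection dropped, slot released
            else:
                kept.append(conn)
        active = kept
        # Worst case for the defender: slow connections arrive before legitimate ones.
        for _ in range(slow_per_sec):
            if len(active) < slots:
                active.append(Conn(now, False))
        for _ in range(legit_per_sec):
            if len(active) < slots:
                active.append(Conn(now, True))
            else:
                refused += 1  # no free slot: legitimate user is turned away
    return served, refused

if __name__ == "__main__":
    for timeout in (None, 20, 5):
        served, refused = simulate(timeout)
        print(f"header timeout={timeout}: served={served} refused={refused}")
```

With these constructed rates, 8 slow connections per second held for 20 seconds would need 160 slots, so a 100-slot pool stays full; held for 5 seconds they occupy at most 40.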
