Sysctl parameters defined in set system conntrack timeout should be moved to set firewall global-options, since that's the place were all sysctl parameters related to firwall/netfilter are defined.
vyos@clear-legacy# set system conntrack timeout
Possible completions:
> custom Define custom timeouts per connection
icmp ICMP timeout in seconds (default: 30)
other Generic connection timeout in seconds (default: 600)
> tcp TCP connection timeout options
> udp UDP timeout options
[edit]
vyos@clear-legacy# set system conntrack timeoutAll nodes, except custom, should be migrated to firewall section