Hi,
you can create custom applications and define a custom application timeout there:
user@firewall# set applications application custom_app inactivity-timeout ?
Possible completions:
  <timeout>            Number of seconds (4 .. 86400)
  never                Disables inactivity timeout
The maximum size of the NAT table is predetermined by the specific SRX model you use. You can define some parameters here:
user@firewall# set security flow tcp-session ?
Possible completions:
+ apply-groups            Groups from which to inherit configuration data
+ apply-groups-except     Don't inherit configuration data from these groups
  no-sequence-check       Disable sequence-number checking
  no-syn-check            Disable creation-time SYN-flag check
  no-syn-check-in-tunnel  Disable creation-time SYN-flag check for tunnel packets
  rst-invalidate-session  Immediately end session on receipt of reset (RST) segment
  rst-sequence-check      Check sequence number in reset (RST) segment
  strict-syn-check        Enable strict syn check
  tcp-initial-timeout     Timeout for TCP session when initialization fails (20..300 seconds)
In addition, by using the SCREEN feature (found under [edit security screen]) you can limit sessions based on source IP, destination IP or both (but not on a per-policy basis, as is possible under ScreenOS).
Regards,
Dominik
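
An added example, not part of the post above: one way the three pieces mentioned in the reply (custom application timeout, TCP session flow options, and SCREEN session limits) fit together in a single configuration. The application port, policy name, screen name, zone names and all numeric thresholds are assumptions chosen for illustration; size the limits to your own SRX model and traffic.

```junos
# Custom application with its own inactivity timeout (seconds, 4..86400).
# Port 8443 is a constructed value.
set applications application custom_app protocol tcp
set applications application custom_app destination-port 8443
set applications application custom_app inactivity-timeout 3600

# The timeout only takes effect for sessions matched by a policy that
# references the custom application (policy and zone names are hypothetical).
set security policies from-zone trust to-zone untrust policy allow-custom match source-address any
set security policies from-zone trust to-zone untrust policy allow-custom match destination-address any
set security policies from-zone trust to-zone untrust policy allow-custom match application custom_app
set security policies from-zone trust to-zone untrust policy allow-custom then permit

# Global TCP session handling: drop half-open sessions quickly and
# tear down a session as soon as a RST is seen.
set security flow tcp-session tcp-initial-timeout 20
set security flow tcp-session rst-invalidate-session

# SCREEN session limits per source and per destination IP.
# Thresholds are constructed values, not recommendations.
set security screen ids-option session-limits limit-session source-ip-based 200
set security screen ids-option session-limits limit-session destination-ip-based 2000

# A screen does nothing until it is bound to the zone where traffic enters.
set security zones security-zone untrust screen session-limits
```

Because the screen is bound to a zone rather than to a policy, the limits apply to all traffic arriving in that zone.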