Super Contributor
B2
Posts: 208
Registered: ‎05-06-2010
Accepted Solution

Changing inactivity timeout for all terms in custom application


  What would be the easiest way to set an inactivity timeout for all terms that are inside a custom application configuration?

Distinguished Expert
Screenie
Posts: 1,076
Registered: ‎01-10-2008

Re: Changing inactivity timeout for all terms in custom application

That would be an apply group! Don't have an SRX at hand now to look up the right syntax, will try to post an example tomorrow (Amsterdam time) if nobody is faster.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
Screenie
Posts: 1,076
Registered: ‎01-10-2008

Re: Changing inactivity timeout for all terms in custom application

OK, here's the example. You could overwrite the default on a specific application by configuring the inactivity time on that application.

 

I configured this apply group (setting timeout to 15 minutes):

 

app-timeout {
    applications {
        application <*> inactivity-timeout 15;
    }
}

 

To configure this: set groups app-timeout applications application <*> inactivity-timeout 15

 

My applications look like this

 

apply-groups app-timeout;
application app1 {
    protocol tcp;
    destination-port 234;
}
application app2 {
    protocol tcp;
    destination-port 345;
}

 

(set applications apply-groups app-timeout to apply the group on your definition)

 

To show the result:

 

root@vr-device# show applications | display inheritance
application app1 {
    protocol tcp;
    destination-port 234;
    ##
    ## '15' was inherited from group 'app-timeout'
    ##
    inactivity-timeout 15;
}
application app2 {
    protocol tcp;
    destination-port 345;
    ##
    ## '15' was inherited from group 'app-timeout'
    ##
    inactivity-timeout 15;
}

 

Be aware that some applications don't handle broken connections very well, so putting all your applications on a tight time-out might result in errors at some applications.

 

 


 

 

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Super Contributor
B2
Posts: 208
Registered: ‎05-06-2010

Re: Changing inactivity timeout for all terms in custom application

Thanks for the reply Screenie, I figured it would be something to do with groups.  Looking at your example however, I don't want to set the application timeout for ALL custom applications, just the terms in a single application.  For example, look at this application:

 

    application vbrick {
        term vbrick protocol tcp destination-port 9875-9877 source-port 0-65535;
        term vbrick_1 protocol udp destination-port 554-555 source-port 0-65535;
        term vbrick_2 protocol tcp destination-port 554-555 source-port 0-65535;
        term vbrick_3 protocol udp destination-port 9875-9876 source-port 0-65535;
        term vbrick_4 protocol udp destination-port 1755-1756 source-port 0-65535;
        term vbrick_5 protocol tcp destination-port 1755-1756 source-port 0-65535;
    }

 

If I set 'application timeout' under 'application vbrick' I get an error when I try to commit.  It is ok if I set the application timeout under each individual term (i.e. vbrick, vbrick_1, etc).  I was just thinking of a quick, or quicker way to set an application timeout under each of those terms in the application.

Distinguished Expert
Screenie
Posts: 1,076
Registered: ‎01-10-2008

Re: Changing inactivity timeout for all terms in custom application

In that case you could define an apply-group for the term level. Should look like this:

 

set groups time-out-vbrick applications application vbrick term <*> inactivity-timeout xxx

 

And apply it like this

 

set applications application vbrick apply-groups time-out-vbrick

 

So cool, using apply-groups!

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
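
An added example, not part of the thread and not Juniper code: a small Python model of the term-level inheritance described in the last reply. It computes the effective inactivity-timeout per term from "display set"-style lines, so terms that inherit from the group, override it locally, or have no timeout at all stand out in a review. It assumes only term-level statements and application-level apply-groups are present; the sample configuration, the application "other" and all timeout values are constructed.

```python
import fnmatch
import re

# Constructed sample in "display set" form, modelled on the vbrick application
# from the thread; timeout values and the vbrick_5 override are made up.
SAMPLE = """\
set groups time-out-vbrick applications application vbrick term <*> inactivity-timeout 900
set applications application vbrick apply-groups time-out-vbrick
set applications application vbrick term vbrick protocol tcp destination-port 9875-9877
set applications application vbrick term vbrick_1 protocol udp destination-port 554-555
set applications application vbrick term vbrick_5 protocol tcp inactivity-timeout 60
set applications application other term t1 protocol tcp destination-port 8080
"""

GROUP_RE = re.compile(r"set groups (\S+) applications application (\S+) term (\S+)(.*)")
APPLY_RE = re.compile(r"set applications application (\S+) apply-groups (\S+)")
TERM_RE = re.compile(r"set applications application (\S+) term (\S+)(.*)")
TIMEOUT_RE = re.compile(r"\binactivity-timeout (\S+)")

def _match(pattern, name):
    # Group wildcards are written in angle brackets, e.g. <*>; anything else is literal.
    if pattern.startswith("<") and pattern.endswith(">"):
        return fnmatch.fnmatchcase(name, pattern[1:-1])
    return pattern == name

def effective_timeouts(config):
    """Map (application, term) -> (timeout, source) after term-level inheritance."""
    groups, applied, terms = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := GROUP_RE.fullmatch(line):
            if t := TIMEOUT_RE.search(m.group(4)):
                groups.setdefault(m.group(1), []).append((m.group(2), m.group(3), t.group(1)))
        elif m := APPLY_RE.fullmatch(line):
            applied.setdefault(m.group(1), []).append(m.group(2))
        elif m := TERM_RE.fullmatch(line):
            key, t = (m.group(1), m.group(2)), TIMEOUT_RE.search(m.group(3))
            terms[key] = t.group(1) if t else terms.get(key)
    result = {}
    for (app, term), local in terms.items():
        hits = [(v, f"group {g}") for g in applied.get(app, [])
                for a, p, v in groups.get(g, []) if _match(a, app) and _match(p, term)]
        # An explicit value on the term wins; otherwise the first listed group that matches.
        result[(app, term)] = (local, "local") if local else (hits + [(None, "unset")])[0]
    return result

if __name__ == "__main__":
    for (app, term), (value, source) in effective_timeouts(SAMPLE).items():
        print(f"{app} term {term}: inactivity-timeout {value} ({source})")
```

Terms reported as "unset" belong to applications the group was never applied to, which is the case the original question was trying to avoid by hand.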