SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Billful
Visitor
Billful
Posts: 1
Registered: ‎08-21-2010
0
Accepted Solution

How to change NAT translation timeout for UDP from default 60 seconds to something longer?

Options

‎08-21-2010 06:40 AM

What is the simplest way to change the default NAT translation timeout for UDP?

I would like to set it to something longer (say 300 seconds) than the default 60 seconds.

 

I'm doing Source NAT on an SRX100 running 10.0R1.8.

 

Thanks,

Bill

Message 1 of 2 (6,760 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
aarseniev
Posts: 1,176
Registered: ‎08-21-2009
0

Re: How to change NAT translation timeout for UDP from default 60 seconds to something longer?

Options

‎08-22-2010 09:23 AM

Hello,

I think this should help:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-s...

 

 

user@host# set applications application udp300s protocol udp destination-port 1-65535 inactivity-timeout 300 

 

And then match on newly created application udp300s in your policies.

 

Also, if you have UDP ALGs enabled like SIP ALG, it has more than 1 timeout:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-s...

 

HTH

Regards

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Message 2 of 2 (6,740 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.