Hello,
@Alshan wrote:
This is confusing me a little - I thought each NAT binding was representative of ONE session.
This is not entirely true in the case of peer-to-peer traffic (BitTorrent, for instance), where many sessions can be originated by an internal end host using the same private.src.IP+src.port combo towards many external peers with varying dst.IP+dst.port.
Consequently, these sessions can reuse the same Xlated.public.src.IP+xlated.port combo on the SRX.
The relationship between private.src.IP+src.port<->public.xlated.src.IP+xlated.port is called "binding" or "mapping", depending on which RFC you read.
The maximum number of sessions which can be allowed through any single persistent NAT binding is configured using the "max-session-number" knob.
HTH
Thanks
Alex
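The binding-versus-session relationship described in the reply above, as an added example that is not part of the original post and is not Junos code: a toy Python model in which one private src IP+port maps to one translated IP+port that many sessions share, up to a per-binding cap. The class and function names, the addresses, the starting port and the choice to refuse sessions over the cap are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Binding:
    public: tuple                                  # (xlated src IP, xlated src port)
    sessions: set = field(default_factory=set)     # external (dst IP, dst port) peers

class PersistentNat:
    """Toy model: one binding per private src IP+port, many sessions per binding."""

    def __init__(self, public_ip, max_session_number, first_port=1024):
        self.public_ip = public_ip
        self.max_session_number = max_session_number   # models the per-binding cap
        self.next_port = first_port
        self.bindings = {}          # (private IP, private port) -> Binding

    def open_session(self, src, dst):
        """Return the translated source for src->dst, or None when the cap is hit."""
        binding = self.bindings.get(src)
        if binding is None:
            # First packet from this private IP+port: allocate a new binding.
            binding = Binding((self.public_ip, self.next_port))
            self.next_port += 1
            self.bindings[src] = binding
        if dst not in binding.sessions:
            if len(binding.sessions) >= self.max_session_number:
                return None         # assumption: sessions over the cap are refused
            binding.sessions.add(dst)
        # Every session through this binding reuses the same translated IP+port.
        return binding.public

def demo():
    # Constructed sample data: one internal host, five external peers.
    nat = PersistentNat("203.0.113.1", max_session_number=3)
    host = ("192.168.1.10", 51413)
    peers = [("198.51.100.%d" % i, 6881) for i in range(1, 6)]
    results = [nat.open_session(host, peer) for peer in peers]
    # A different source port on the same host gets its own binding.
    other = nat.open_session(("192.168.1.10", 51414), peers[0])
    return nat, results, other

if __name__ == "__main__":
    nat, results, other = demo()
    for peer_result in results:
        print(peer_result)
    print(other, "-", len(nat.bindings), "bindings")
```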