SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Changing inactivity timeout for all terms in custom application

    Posted 03-08-2012 14:04

      What would be the easiest way to set an inactivity timeout for all terms that are inside a custom application configuration?



  • 2.  RE: Changing inactivity timeout for all terms in custom application

    Posted 03-08-2012 14:34

    That would be an apply group! Don't have an SRX at hand now to look up the right syntax, will try to post an example tomorrow (Amsterdam time) if nobody is faster.



  • 3.  RE: Changing inactivity timeout for all terms in custom application

    Posted 03-09-2012 00:50

    OK, here's the example. You could overwrite the default on a specific application by configuring the inactivity time on that application.

     

    I configured this apply group (setting timeout to 15 minutes):

     

    app-timeout {
        applications {
            application <*> inactivity-timeout 15;
        }
    }

     

    To configure this: set groups app-timeout applications application <*> inactivity-timeout 15

     

    My applications look like this

     

    apply-groups app-timeout;
    application app1 {
        protocol tcp;
        destination-port 234;
    }
    application app2 {
        protocol tcp;
        destination-port 345;
    }

     

    (set applications apply-groups app-timeout to apply the group on your definition)

     

    To show the result:

     

    root@vr-device# show applications | display inheritance
    application app1 {
        protocol tcp;
        destination-port 234;
        ##
        ## '15' was inherited from group 'app-timeout'
        ##
        inactivity-timeout 15;
    }
    application app2 {
        protocol tcp;
        destination-port 345;
        ##
        ## '15' was inherited from group 'app-timeout'
        ##
        inactivity-timeout 15;
    }

     

    Be aware that some applications don't handle broken connections very well, so putting all your applications on a tight time-out might result in errors in some applications.

     

     


     

     



  • 4.  RE: Changing inactivity timeout for all terms in custom application

    Posted 03-09-2012 07:14

    Thanks for the reply Screenie, I figured it would be something to do with groups.  Looking at your example however, I don't want to set the application timeout for ALL custom applications, just the terms in a single application.  For example, look at this application:

     

        application vbrick {
            term vbrick protocol tcp destination-port 9875-9877 source-port 0-65535;
            term vbrick_1 protocol udp destination-port 554-555 source-port 0-65535;
            term vbrick_2 protocol tcp destination-port 554-555 source-port 0-65535;
            term vbrick_3 protocol udp destination-port 9875-9876 source-port 0-65535;
            term vbrick_4 protocol udp destination-port 1755-1756 source-port 0-65535;
            term vbrick_5 protocol tcp destination-port 1755-1756 source-port 0-65535;
        }

     

    If I set 'application timeout' under 'application vbrick' I get an error when I try to commit.  It is ok if I set the application timeout under each individual term (i.e. vbrick, vbrick_1, etc).  I was just thinking of a quick, or quicker way to set an application timeout under each of those terms in the application.



  • 5.  RE: Changing inactivity timeout for all terms in custom application
    Best Answer

    Posted 03-09-2012 14:44

    In that case you could define an apply-group for the term level. Should look like this:

     

    set groups time-out-vbrick applications application vbrick term <*> inactivity-timeout xxx

     

    And apply it like this

     

    set applications application vbrick apply-groups time-out-vbrick

     

    So cool, using apply-groups!
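
Added example, not part of the thread and not Juniper code: a small Python model of how the term-level group from the best answer resolves, useful for auditing which terms inherit a timeout and which set their own. It assumes configuration in `display set` form; the sample lines and the values 600 and 120 are constructed, and only `<*>`-style term inheritance through an application-level `apply-groups` is modelled.

```python
import fnmatch

# Constructed sample in "display set" form; the values 600 and 120 are invented.
SAMPLE = """\
set groups time-out-vbrick applications application vbrick term <*> inactivity-timeout 600
set applications application vbrick apply-groups time-out-vbrick
set applications application vbrick term vbrick protocol tcp destination-port 9875-9877
set applications application vbrick term vbrick_1 protocol udp destination-port 554-555 inactivity-timeout 120
set applications application other term t1 protocol tcp destination-port 8080
"""

def _matches(pattern, name):
    # Names in angle brackets are group wildcards such as <*>; others are literal.
    if pattern.startswith("<") and pattern.endswith(">"):
        return fnmatch.fnmatchcase(name, pattern[1:-1])
    return pattern == name

def _timeout(tokens):
    # Value that follows the inactivity-timeout keyword on a term line, else None.
    if "inactivity-timeout" in tokens[:-1]:
        return tokens[tokens.index("inactivity-timeout") + 1]
    return None

def effective_timeouts(config):
    """Map (application, term) -> (timeout, source) for every configured term."""
    rules, applied, terms = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "set":
            continue
        if t[1] == "groups" and t[3:5] == ["applications", "application"] and t[6:7] == ["term"]:
            value = _timeout(t[8:])
            if value is not None:  # group rule: (app pattern, term pattern, value)
                rules.setdefault(t[2], []).append((t[5], t[7], value))
        elif t[1:3] == ["applications", "application"] and t[4] == "apply-groups":
            applied.setdefault(t[3], []).extend(t[5:])
        elif t[1:3] == ["applications", "application"] and t[4] == "term":
            terms[(t[3], t[5])] = _timeout(t[6:])
    result = {}
    for (app, term), explicit in terms.items():
        # A value set on the term itself always wins over an inherited one.
        result[(app, term)] = (explicit, "explicit") if explicit is not None else (None, "default")
        for group in ([] if explicit is not None else applied.get(app, [])):
            hits = [v for a, tp, v in rules.get(group, []) if _matches(a, app) and _matches(tp, term)]
            if hits:
                result[(app, term)] = (hits[0], "inherited from group " + group)
                break
    return result

if __name__ == "__main__":
    for key, value in effective_timeouts(SAMPLE).items():
        print(key, value)
```

Terms reported as "default" belong to applications the group was never applied to, which is the scoping the original poster asked for.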