SRX Services Gateway
Highlighted
SRX Services Gateway

Default value for timers in SRX

‎05-12-2020 02:02 AM

Hi,

 

Im tryting to know the default SRX values for these timers:

 

session ttl timer
tcp halfclose timer
tcp halfopen timer
tcp timewait timer
udp idle timer
 
I can not get this info in the doc. Anyone konw these values or the document?
4 REPLIES 4
Highlighted
SRX Services Gateway

Re: Default value for timers in SRX

‎05-12-2020 02:16 AM

Hello,

 


@SoporteSeguridad wrote:

 

session ttl timer

 

TCP: 1800 secs

UDP: 60 secs

ICMP : 2 secs

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-flow-based-session-for-s...

 


@SoporteSeguridad wrote:

tcp halfclose timer

 

Not supported https://kb.juniper.net/InfoCenter/index?page=content&id=KB26912&actp=METADATA

But You can apply TCP timewait timer to half-closed sessions

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

 

 


@SoporteSeguridad wrote:

tcp halfopen timer

 

TCP initial timeout is 20 secs by default https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

 

 


@SoporteSeguridad wrote:

tcp timewait timer

 

150 secs by default https://kb.juniper.net/InfoCenter/index?page=content&id=KB22754&cat=SRX_SERIES&actp=LIST

 

 


@SoporteSeguridad wrote:

udp idle timer
 
 

 

60 secs by default https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-flow-based-session-for-s...

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
SRX Services Gateway

Re: Default value for timers in SRX

‎05-12-2020 02:19 AM

Hi SoporteSeguridad

 

Greetings, 

 

Searched the documentation and found the below:

Please mark "Accept as solution" if this answers your query. 

 

Kudos are appreciated too! 

 

Regards, 

Sharat Ainapur

Highlighted
SRX Services Gateway

Re: Default value for timers in SRX

‎05-12-2020 02:25 AM

Hi   SoporteSeguridad

 

Below are few links which you can go thorugh to understand the timer values.

 

 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-flow-based-session-for-s...

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too

 

Kudos are appreciated too 🙂

 

Regards,

Nadeem

 

Highlighted
SRX Services Gateway

Re: Default value for timers in SRX

‎05-12-2020 02:27 AM

Hi SoporteSeguridad,

 

The default timer for session timeout(application identification) is 3600 seconds-

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/session-t...

 

Depending on the protocol and service, a session is programmed with a timeout value. For example, the default timeout for TCP is 1800 seconds. The default timeout for UDP is 60 seconds.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-flow-based-session-for-s...

 

The default value for TCP time-wait timer is 150 seconds-

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

 

UDP idle timer is 60 seconds-

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/applicati...

 

TCP Half-close state-

 This enables the system to apply the configured session timeout on receiving only one FIN packet (either client-to-server or server-to-client). When this is not configured, the default behavior takes effect—applying the configured TCP session timeout on receiving both the FIN packets. The default session timeout remains 150 seconds.

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

 

Could not find anything for TCP half-open timeout But please check the below:

TCP Initial timeout has default value 20 seconds-

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

 

Hope this helps 🙂

 

Please mark this "Accepted Solution" if this addresses your query.

Kudos would be much appreciated too 🙂

 

Feedback