SRX Services Gateway
Highlighted
SRX Services Gateway

How to change NAT translation timeout for UDP from default 60 seconds to something longer?

08.21.10   |  
‎08-21-2010 06:40 AM

What is the simplest way to change the default NAT translation timeout for UDP?

I would like to set it to something longer (say 300 seconds) than the default 60 seconds.

 

I'm doing Source NAT on an SRX100 running 10.0R1.8.

 

Thanks,

Bill

1 REPLY
SRX Services Gateway

Re: How to change NAT translation timeout for UDP from default 60 seconds to something longer?

08.22.10   |  
‎08-22-2010 09:23 AM

Hello,

I think this should help:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-s...

 

 

user@host# set applications application udp300s protocol udp destination-port 1-65535 inactivity-timeout 300 

 

And then match on newly created application udp300s in your policies.

 

Also, if you have UDP ALGs enabled like SIP ALG, it has more than 1 timeout:

http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-s...

 

HTH

Regards

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !