Message Image

Skip main navigation (Press Enter).

SRX

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

How to change NAT translation timeout for UDP from default 60 seconds to something longer?

Jump to Best Answer

Erdem08-21-2010 06:40

What is the simplest way to change the default NAT translation timeout for UDP? I would like to set ...

aarseniev08-22-2010 09:24Best Answer

Hello, I think this should help: http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-security/topic-41684.html ...

1. How to change NAT translation timeout for UDP from default 60 seconds to something longer?

0 Recommend
Erdem
Posted 08-21-2010 06:40

Reply Reply Privately
What is the simplest way to change the default NAT translation timeout for UDP?
I would like to set it to something longer (say 300 seconds) than the default 60 seconds.

I'm doing Source NAT on an SRX100 running 10.0R1.8.

Thanks,
Bill

#NAT
2. RE: How to change NAT translation timeout for UDP from default 60 seconds to something longer?
Best Answer

0 Recommend
aarseniev
Posted 08-22-2010 09:24

Reply Reply Privately
Hello,
I think this should help:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-security/topic-41684.html

user@host# set applications application udp300s protocol udp destination-port 1-65535 inactivity-timeout 300

And then match on newly created application udp300s in your policies.

Also, if you have UDP ALGs enabled like SIP ALG, it has more than 1 timeout:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-security/topic-42160.html#id-41173

HTH
Regards
Alex

Powered by Higher Logic