[j-nsp] SRX3600 and NAT

James S. Smith JSmith at WindMobile.ca
Thu Apr 26 21:46:56 EDT 2012 

This is from JunOS 10.1 product information: http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42300.html

-----------------------------------------------------------------------------
The following describes the maximum numbers of NAT rules and rule sets supported:

    For static NAT, up to 32 rule sets and up to 256 rules per rule set can be configured on a device.
    For destination NAT, up to 32 rule sets and up to 8 rules per rule set can be configured on a device.
    For source NAT, the following are the maximum numbers of source NAT rules that can be configured on a device:
        512 for J Series, SRX100, and SRX210 devices
        1024 for SRX240 and SRX650 devices
        8192 for SRX3400, SRX3600, SRX5600, and SRX5800 devices

These are systemwide maximums for total numbers of source NAT rules. There is no limitation on the number of rules that you can configure in a source NAT rule set as long as the maximum number of source NAT rules allowed on the device is not exceeded.
-----------------------------------------------------------------------------

Looks like this is shared across virtual routers.


James S. Smith Network and Security Architect
WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7
Email: JSmith at WindMobile.ca
Direct: 416-640-9792
Fax: 416-987-1203
www.windmobile.ca 
www.twitter.com/WINDmobile 
www.facebook.com/WINDmobile
  
THAT'S THE POWER OF WIND
-----Original Message-----
From: Tomas Lynch [mailto:tomas.lynch at gmail.com] 
Sent: Thursday, April 26, 2012 6:23 PM
To: James S. Smith
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX3600 and NAT

I have 6 SPUs.

On Thu, Apr 26, 2012 at 7:17 PM, James S. Smith <JSmith at windmobile.ca> wrote:
> How many SPU cards do you have in the box?
>
> I'd be interested to know other people's experiences with the application inpsection for various databases.  I usually turn the ALG for the off because the DBAs complain that long queries are get terminated, even after tweeking the timeouts.
>
>
>
> ----- Original Message -----
> From: Tomas Lynch [mailto:tomas.lynch at gmail.com]
> Sent: Thursday, April 26, 2012 06:14 PM
> To: juniper-nsp at puck.nether.net <juniper-nsp at puck.nether.net>
> Subject: [j-nsp] SRX3600 and NAT
>
> I'm looking for some info on SRX3600:
>
> How many static and dynamic NATs are supported per box and per virtual
> router on a SRX3600?
> Which are the flow inspection average and maximum time?
> Which are the OS and database systems that this firewall protects?
>
> Thanks,
>
> TL
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list