[j-nsp] SRX3600 and NAT

Tomas Lynch tomas.lynch at gmail.com
Fri Apr 27 07:42:11 EDT 2012


James,

Thanks for your answer. I didn't write my question clearly, though. I'm
looking for the number of entries that can be supported by NAT
policies, e.g. one million flows can be NATed.

Thanks,

Tomas

On Thu, Apr 26, 2012 at 10:46 PM, James S. Smith <JSmith at windmobile.ca> wrote:
> This is from JunOS 10.1 product information: http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42300.html
>
> -----------------------------------------------------------------------------
> The following describes the maximum numbers of NAT rules and rule sets supported:
>
>    For static NAT, up to 32 rule sets and up to 256 rules per rule set can be configured on a device.
>    For destination NAT, up to 32 rule sets and up to 8 rules per rule set can be configured on a device.
>    For source NAT, the following are the maximum numbers of source NAT rules that can be configured on a device:
>        512 for J Series, SRX100, and SRX210 devices
>        1024 for SRX240 and SRX650 devices
>        8192 for SRX3400, SRX3600, SRX5600, and SRX5800 devices
>
> These are systemwide maximums for total numbers of source NAT rules. There is no limitation on the number of rules that you can configure in a source NAT rule set as long as the maximum number of source NAT rules allowed on the device is not exceeded.
> -----------------------------------------------------------------------------
>
> Looks like this is shared across virtual routers.
>
>
> James S. Smith Network and Security Architect
> -----Original Message-----
> From: Tomas Lynch [mailto:tomas.lynch at gmail.com]
> Sent: Thursday, April 26, 2012 6:23 PM
> To: James S. Smith
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] SRX3600 and NAT
>
> I have 6 SPUs.
>
> On Thu, Apr 26, 2012 at 7:17 PM, James S. Smith <JSmith at windmobile.ca> wrote:
>> How many SPU cards do you have in the box?
>>
>> I'd be interested to know other people's experiences with the application inspection for various databases. I usually turn the ALG for them off because the DBAs complain that long queries get terminated, even after tweaking the timeouts.
>>
>>
>>
>> ----- Original Message -----
>> From: Tomas Lynch [mailto:tomas.lynch at gmail.com]
>> Sent: Thursday, April 26, 2012 06:14 PM
>> To: juniper-nsp at puck.nether.net <juniper-nsp at puck.nether.net>
>> Subject: [j-nsp] SRX3600 and NAT
>>
>> I'm looking for some info on SRX3600:
>>
>> How many static and dynamic NATs are supported per box and per virtual
>> router on an SRX3600?
>> What are the average and maximum flow inspection times?
>> Which are the OS and database systems that this firewall protects?
>>
>> Thanks,
>>
>> TL
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
