[j-nsp] Security-flow TCP idle timeout at SRX
Robert Hass
robhass at gmail.com
Fri Feb 1 03:28:27 EST 2013
Hi
I have an issue with one of our applications. We have two security zones: LAN
and Servers. Computers from LAN are connecting to Servers on port TCP/2020
(it's a CTI application). Users reported that they have to re-logon due to
idle timeout - I checked the security logs on the SRX and the sessions were
disconnected due to the TCP idle-timeout, whose default is 30 minutes. How can
I increase this timeout for connections to TCP/2020?
Will the configuration below be sufficient:
security {
    policies {
        from-zone lan to-zone servers {
            policy 1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
        from-zone servers to-zone lan {
            policy 1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
    }
}
applications {
    application myapp {
        protocol tcp;
        destination-port 2020;
        inactivity-timeout 100000;
    }
}
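
An added example, not part of the original post: in Junos the `inactivity-timeout` of a custom application applies only to sessions admitted by a policy that matches that application, so a policy matching `application any` leaves the 30-minute TCP default in effect. The policy name `cti-long-idle` and the 43200-second value are assumptions chosen for illustration.

```junos
/* Added example; policy name and timeout value are illustrative assumptions. */
applications {
    application myapp {
        protocol tcp;
        destination-port 2020;
        /* Value is in seconds; 43200 (12 hours) is a constructed value. */
        inactivity-timeout 43200;
    }
}
security {
    policies {
        from-zone lan to-zone servers {
            /* Must be listed before the catch-all policy 1; otherwise
               "application any" matches first and the default timeout applies. */
            policy cti-long-idle {
                match {
                    source-address any;
                    destination-address any;
                    application myapp;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
            policy 1 {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                    count;
                }
            }
        }
    }
}
```

The `Timeout` field in the output of `show security flow session destination-port 2020` shows the value applied to each session.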