[j-nsp] Security-flow TCP idle timeout at SRX

Michael Loftis mloftis at wgops.com
Fri Feb 1 12:16:32 EST 2013


My understanding for SRX is that at the very least you need to be using the
application in your firewall rules. So in your LAN to servers policy create
a more specific match before the fallback "application any" wild card. Your
current setup isn't necessarily using your application statement. I haven't
had to twiddle my timeouts and I don't use application any so I could be
wrong.

--------------------

Sent from my Motorola Xoom


More information about the juniper-nsp mailing list