[j-nsp] Security-flow TCP idle timeout at SRX
Michael Loftis
mloftis at wgops.com
Fri Feb 1 12:16:32 EST 2013
My understanding for SRX is that at the very least you need to be using the
application in your firewall rules. So in your LAN to servers policy create
a more specific match before the fallback "application any" wild card. Your
current setup isn't necessarily using your application statement. I haven't
had to twiddle my timeouts and I don't use application any so I could be
wrong.
--------------------
Sent from my Motorola Xoom
More information about the juniper-nsp
mailing list