[j-nsp] Security-flow TCP idle timeout at SRX

Anton Yurchenko ayurchenko at gmail.com
Fri Feb 1 16:02:09 EST 2013


The security policy you have does not use the newly defined application
myapp. If you use it in your policy, then it will work because of the
inactivity timeout you defined in the application myapp.

On 2/1/13 12:28 AM, Robert Hass wrote:
> Hi
>
> I have an issue with one of our applications. We have two security zones: LAN
> and Servers.  Computers from LAN are connecting to Servers on port TCP/2020
> (it's a CTI application).  Users reported that they have to re-logon due to
> idle timeout - I checked security logs on the SRX and sessions were disconnected
> due to tcp idle-timeout, whose default is 30 minutes.  How can I increase
> this timeout for connections to TCP/2020 ?
>
> Will the configuration below be sufficient :
>
> security {
>   policies {
>    from-zone lan to-zone servers {
>      policy 1 {
>          match {
>              source-address any;
>              destination-address any;
>              application any;
>          }
>          then {
>              permit;
>              log {
>                  session-init;
>                  session-close;
>              }
>              count;
>          }
>       }
>    }
>    from-zone servers to-zone lan {
>      policy 1 {
>          match {
>              source-address any;
>              destination-address any;
>              application any;
>          }
>          then {
>              permit;
>              log {
>                  session-init;
>                  session-close;
>              }
>              count;
>          }
>        }
>     }
>   }
> }
> applications {
>    application myapp {
>      protocol tcp;
>      destination-port 2020;
>      inactivity-timeout 100000;
>    }
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
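What the reply above describes, as an added example (not configuration posted by
either participant): a policy that actually references myapp, placed before the
existing catch-all policy 1 so it is matched first. The policy name cti-2020 is
my choice. Two things worth knowing beyond the thread: SRX policies are evaluated
top-down and the first match wins, so an "application any" policy above this one
would still catch the traffic and apply the default 1800 s timeout; and the
inactivity-timeout knob only accepts 4 to 86400 seconds or the keyword never, so
the 100000 in the original snippet would fail at commit (check with ? in the CLI
on your release).

```junos
## Added example, not from the original thread. Set-style Junos for an SRX.
## Custom application: TCP/2020 with a one-day idle timeout (86400 is the
## maximum; use "never" if the CTI sessions must never be timed out).
set applications application myapp protocol tcp
set applications application myapp destination-port 2020
set applications application myapp inactivity-timeout 86400

## Policy that references myapp. Policy name "cti-2020" is an assumption.
set security policies from-zone lan to-zone servers policy cti-2020 match source-address any
set security policies from-zone lan to-zone servers policy cti-2020 match destination-address any
set security policies from-zone lan to-zone servers policy cti-2020 match application myapp
set security policies from-zone lan to-zone servers policy cti-2020 then permit
set security policies from-zone lan to-zone servers policy cti-2020 then log session-init
set security policies from-zone lan to-zone servers policy cti-2020 then log session-close
set security policies from-zone lan to-zone servers policy cti-2020 then count

## Order matters: move the specific policy above the existing "application any" policy 1.
insert security policies from-zone lan to-zone servers policy cti-2020 before policy 1
commit check
commit

## Verify: the policy order, then that a live TCP/2020 session shows the new
## timeout and the cti-2020 policy name instead of policy 1.
run show security policies from-zone lan to-zone servers
run show security flow session destination-port 2020
```

Only the lan-to-servers direction needs the policy; the reverse packets of an
established session ride on the same flow session, so the servers-to-lan policy
does not need myapp. Sessions already established under policy 1 keep their
old timeout until the clients reconnect, so expect the fix to take effect on
the next logon rather than immediately.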


