[j-nsp] SRX 3600 dropped packets - how to debug?

[Phil Mayers]

On 28/05/13 14:51, OBrien, Will wrote:
> The primary use of the dns alg is to reduce session count. This is
> very apparent on net screens. I reduced 500k sessions down to 400k by
> turning it on. That said, you can achieve similar results by setting
> dns specific policies with short timeouts.

Out of interest, how short a timeout have you experimented with?

We set our Netscreen 5400s to 10 seconds at one point, but the extra 
session table use was still considerable by comparison with an 
ALG-enabled setup.