Hello,
Have a look at these SRX config options:
user@srx# set security flow tcp-session ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
no-sequence-check Disable sequence-number checking
no-syn-check Disable creation-time SYN-flag check
no-syn-check-in-tunnel Disable creation-time SYN-flag check for tunnel packets
rst-invalidate-session Immediately end session on receipt of reset (RST) segment
rst-sequence-check Check sequence number in reset (RST) segment
strict-syn-check Enable strict syn check
tcp-initial-timeout Timeout for TCP session when initialization fails
> time-wait-state Session timeout value in time-wait state, default 150 seconds <===!!!
{primary:node0}[edit]
user@srx# set security flow tcp-session time-wait-state ?
Possible completions:
<[Enter]> Execute this command
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
session-ageout Allow session to ageout using service based timeout values
session-timeout Configure session timeout value for time-wait state
| Pipe through a command
{primary:node0}[edit]
user@srx# set security flow tcp-session time-wait-state session-timeout ?
Possible completions:
<session-timeout> Configure session timeout value for time-wait state
"session-timeout" is configurable from 2 to 600 secs.
"session-ageout" is simply toggled on/off.
These knobs are available in 10.2R4, 10.4 and above.
HTH
Rgds
Alex