Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
What is the simplest way to change the default NAT translation timeout for UDP?
I would like to set it to something longer (say 300 seconds) than the default 60 seconds.
I'm doing Source NAT on an SRX100 running 10.0R1.8.
Thanks,
Bill
Hello,
I think this should help:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-security/topic-41684.html
user@host# set applications application udp300s protocol udp destination-port 1-65535 inactivity-timeout 300
And then match on newly created application udp300s in your policies.
Also, if you have UDP ALGs enabled like SIP ALG, it has more than 1 timeout:
http://www.juniper.net/techpubs/software/junos-security/junos-security10.3/junos-security-swconfig-security/topic-42160.html#id-41173
HTH
Regards
Alex