SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Back to discussions
Expand all | Collapse all

Is there any way we do NAT policy lookup like security policies and how can we check tcp half close session and sync timeout value

  • 1.  Is there any way we do NAT policy lookup like security policies and how can we check tcp half close session and sync timeout value

    Posted 12 days ago

    Hello All,

    I am looking for NAT policy lookup command in vSRX like we have for security policies "show security match-policies". Do we have something like that for NAT rule.

    Also is there any way  we check tcp half close session default timeout value on device  and sync timeout value for (Embryonic session)4



    ------------------------------
    ANIL KUMAR
    ------------------------------


  • 2.  RE: Is there any way we do NAT policy lookup like security policies and how can we check tcp half close session and sync timeout value

    Posted 12 days ago

    I don't know of any nat policy search command, but you might get what you need on the configuration using the options under

    show security nat

    or for the active sessions using

    show security flow session nat

    For the tcp flows created without reply, I don't see a good match condition to search on.  The key is finding a session with not reply packets which can be seen by policy or addresses  using

    show security flow session

    But the display is such I don't see a good condition to add with the match command to limit the output

    show security flow session | match keyword



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------

    Original Message