Dnia 10-12-20 18:04 użytkownik „Mark Kamichoff” <p...@prolixium.com> napisał:
>On Mon, Dec 20, 2010 at 10:18:27AM -0600, Chris Adams wrote: >> I don't know about the SRX, but I know with the SSG, the ScreenOS >> default timeout for TCP sessions was way too low (IIRC something like >> 5 minutes) and would cause that. I turned on SSH keepalives to avoid >> the timeout. > >Yep, the SRX does the same thing with regards to timeouts. The timeout >is 30 minutes for SSH by default, but you can extend it to longer by >adding a custom inactivity-timeout to the junos-ssh application: > >{primary:node0} >p...@orb> show configuration applications >application junos-ssh inactivity-timeout 3600; Does junos-ssh applies to any ssh traffic - the one to the srx itself, and the one to the servers behind an SRX firewall? >Alternatively, you can set the tcp-rst option on the appropriate >zone(s), which will cause SSH sessions to disconnect immediately when >data is sent over an SSH session that's timed-out already: > >{primary:node0}[edit] >p...@orb# show security zones security-zone trust >tcp-rst; >[...] I'll try that. Thanks :) Mjb _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp