On 12/11/12 16:03, Tim Eberhard wrote: > Benny, > > I've been working with the SRX since before it was in beta loading it > up on a SSG550-M and netscreen previous to that. TCP keep alives, or > any tcp packet that transverses that session has ALWAYS reset the > timeout. The only time where you would see this "not working" is if > you had a situation of asymmetric routing or some time of crazy load > balancing through firewalls.
All I can say is that as of late 2009 on branch SRX (specifically SRX650, using then-current JunOS, probably 9.5) this was not the case with SSH traffic (which IIRC doesn't have an ALG). It wouldn't kill the session, just wouldn't extend it.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp