
Mailing List Archive: nsp: juniper

SRX3600 and NAT



tomas.lynch at gmail

Apr 26, 2012, 3:14 PM

Post #1 of 6
SRX3600 and NAT

I'm looking for some info on SRX3600:

How many static and dynamic NATs are supported per box and per virtual
router on a SRX3600?
Which are the flow inspection average and maximum time?
Which are the OS and database systems that this firewall protects?

Thanks,

TL
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


JSmith at windmobile

Apr 26, 2012, 3:17 PM

Post #2 of 6
Re: SRX3600 and NAT

How many SPU cards do you have in the box?

I'd be interested to know other people's experiences with the application inspection for various databases. I usually turn the ALG off because the DBAs complain that long queries get terminated, even after tweaking the timeouts.





tomas.lynch at gmail

Apr 26, 2012, 3:22 PM

Post #3 of 6
Re: SRX3600 and NAT

I have 6 SPUs.



JSmith at windmobile

Apr 26, 2012, 6:46 PM

Post #4 of 6
Re: SRX3600 and NAT

This is from JunOS 10.1 product information: http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42300.html

-----------------------------------------------------------------------------
The following describes the maximum numbers of NAT rules and rule sets supported:

   For static NAT, up to 32 rule sets and up to 256 rules per rule set can be configured on a device.
   For destination NAT, up to 32 rule sets and up to 8 rules per rule set can be configured on a device.
   For source NAT, the following are the maximum numbers of source NAT rules that can be configured on a device:
       512 for J Series, SRX100, and SRX210 devices
       1024 for SRX240 and SRX650 devices
       8192 for SRX3400, SRX3600, SRX5600, and SRX5800 devices

These are systemwide maximums for total numbers of source NAT rules. There is no limitation on the number of rules that you can configure in a source NAT rule set as long as the maximum number of source NAT rules allowed on the device is not exceeded.
-----------------------------------------------------------------------------

Looks like this is shared across virtual routers.


James S. Smith Network and Security Architect
WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7
Email: JSmith [at] WindMobile
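
Added example, not part of the original thread: a Python check that counts NAT rules in a set-format Junos configuration and compares them with the Junos 10.1 limits quoted in the post above. The sample configuration, rule-set names and addresses are constructed, and the limits apply only to that release.

```python
import re
from collections import defaultdict

# Limits as quoted in the post above (Junos 10.1 release notes); other releases differ.
MAX_RULE_SETS = {"static": 32, "destination": 32}
MAX_RULES_PER_SET = {"static": 256, "destination": 8}
MAX_SOURCE_RULES = {"SRX100": 512, "SRX210": 512, "SRX240": 1024, "SRX650": 1024,
                    "SRX3400": 8192, "SRX3600": 8192, "SRX5600": 8192, "SRX5800": 8192}

RULE_RE = re.compile(
    r"^set security nat (source|destination|static) rule-set (\S+) rule (\S+)")

def count_nat_rules(config_text):
    """Return {nat_type: {rule_set: {rule names}}} from set-format config lines."""
    rules = {kind: defaultdict(set) for kind in ("source", "destination", "static")}
    for line in config_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # a rule spans several set lines, so names are de-duplicated in a set
            kind, rule_set, rule = m.groups()
            rules[kind][rule_set].add(rule)
    return rules

def check_limits(config_text, platform):
    """List every quoted limit the configuration exceeds on the given platform."""
    rules, findings = count_nat_rules(config_text), []
    for kind in ("static", "destination"):
        if len(rules[kind]) > MAX_RULE_SETS[kind]:
            findings.append(f"{kind}: {len(rules[kind])} rule sets > {MAX_RULE_SETS[kind]}")
        for name, members in sorted(rules[kind].items()):
            if len(members) > MAX_RULES_PER_SET[kind]:
                findings.append(
                    f"{kind} rule-set {name}: {len(members)} rules > {MAX_RULES_PER_SET[kind]}")
    total = sum(len(members) for members in rules["source"].values())
    if total > MAX_SOURCE_RULES[platform]:
        findings.append(f"source: {total} rules > {MAX_SOURCE_RULES[platform]} system-wide")
    return findings

# Constructed sample configuration (names and addresses are made up).
SAMPLE = "\n".join(
    ["set security nat source rule-set trust-out rule r1 match source-address 10.0.0.0/8",
     "set security nat source rule-set trust-out rule r1 then source-nat interface",
     "set security nat static rule-set dmz rule web match destination-address 192.0.2.10/32"]
    + [f"set security nat destination rule-set inbound rule d{i} "
       f"match destination-address 198.51.100.{i}/32" for i in range(9)])

if __name__ == "__main__":
    for finding in check_limits(SAMPLE, "SRX3600"):
        print(finding)
```

The regular expression does not cover rule sets defined under logical systems or names containing spaces.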


tomas.lynch at gmail

Apr 27, 2012, 4:42 AM

Post #5 of 6
Re: SRX3600 and NAT

James,

Thanks for your answer. I didn't write my question clearly, though. I'm
looking for the amount of entries that can be supported by NAT
policies, e.g. one million flows can be NATed.

Thanks,

Tomas



pkc_mls at yahoo

May 9, 2012, 11:35 PM

Post #6 of 6
Re: SRX3600 and NAT

On 27/04/2012 12:14, Tomas Lynch wrote:
> I'm looking for some info on SRX3600:

Hi,
For docs on Juniper products: https://www.juniper.net/techpubs/

> How many static and dynamic NATs are supported per box and per virtual
> router on a SRX3600?

Does "supported" mean configured or available in the session?
For the config it depends on the release, so you have to check the
release notes. (Try to stick to the recommended JunOS for your device.)

> Which are the flow inspection average and maximum time?
> Which are the OS and database systems that this firewall protects?

You should have a look at the IPS, but I'm not sure there is a list of
OSes and databases available.
(I haven't searched though.)

> Thanks,
>
> TL
