How can I expire non-active sessions on my Netscreen SSG140?
Posted
by
David Mackintosh
on Server Fault
See other posts from Server Fault
or by David Mackintosh
Published on 2011-03-04T18:35:43Z
Indexed on
2011/03/14
0:11 UTC
Read the original article
Hit count: 582
I have a Juniper Netscreen SSG-140.
While experimenting with a VoIP service, I defined a custom policy that was to be used to permit the possible ports in use to be sent back to the VoIP server from systems connecting across the internet. Because I'd had problems in the past with VoIP systems getting broken when their UDP sessions were expired out faster than their keep-alives were generated, I set the timeout on this custom service to be 'never'.
After much experimentation, I happened to notice that my session count on the firewall has grown from a couple thousand to over 36000.
After discussion with the VoIP "expert", I set the timeout to be 30 minutes; however, all the sessions set up during the experimentation process are still there, more than 3 days later.
Is there a way I can force these old sessions to get expired and removed from the session table, or am I looking at resetting my firewall?
(Both firewalls, actually -- they are in a cluster.)
© Server Fault or respective owner