How can I expire non-active sessions on my Netscreen SSG140?
Posted by David Mackintosh on Server Fault
Published on 2011-03-04T18:35:43Z
I have a Juniper Netscreen SSG-140.
While experimenting with a VoIP service, I defined a custom policy that was to be used to permit the possible ports in use to be sent back to the VoIP server from systems connecting across the internet. Because I'd had problems in the past with VoIP systems getting broken when their UDP sessions were expired out faster than their keep-alives were generated, I set the timeout on this custom service to be 'never'.
After much experimentation, I happened to notice that my session count on the firewall has grown from a couple thousand to over 36000.
After discussion with the VoIP "expert", I set the timeout to be 30 minutes; however, all the sessions set up during the experimentation process are still there, more than 3 days later.
Is there a way I can force these old sessions to get expired and removed from the session table, or am I looking at resetting my firewall?
(Both firewalls, actually -- they are in a cluster.)