Administrators may be concerned about the number of Network Address Translation (NAT) sessions that are supported on their devices to ensure that the NAT number is sufficient for their environments.
This article shows how to check the total number of NAT sessions supported by the vSRX and Branch SRX devices by using the Command Line Interface (CLI).
To check the maximum number of NAT sessions, enter show usp nat cp sysconf
at the VTY prompt, and then check the usp_max_nat_session
line.
vSRX
On vSRX, enter the shell as root
, access the VTY, and then enter the above command. Note that the command to enter the VTY prompt on vSRX is different from that used for Branch SRX.
root> start shell user root
root@% vty fpc0
TOR platform (1899Mhz Intel(R) Xeon(R) processor, 1536MB memory, 16384KB flash)
FLOWD_VSRX_S( vty)# show usp nat cp sysconf
usp_max_nat_pport_dst = 24
usp_max_nat_pat_port_num = 50331648
usp_max_nat_pat_addr = 768
usp_max_nat_no_pat_addr = 98304
usp_nat_cookie_num = 5
usp_max_nat_session = 524288
usp_max_rm_client_num = 0
usp_max_h323_call_num = 1536
mgcp_transaction_hash_max_entries = 1024
usp_max_sccp_call_num = 1536
usp_max_tcpproxy_connection = 49152
usp_max_mgcp_call_num = 1536
usp_max_sip_call_num = 1536
usp_max_rtsp_connections = 1536
usp_trace_max_num_records = 1000
usp_max_concurrent_auth_users = 1024
As seen above, the maximum number of NAT sessions is 524288. Type exit
to leave the VTY prompt, and then cli
to get back to the operational mode prompt.
Branch SRX
For Branch SRX devices, the process is the same, but the command to enter the VTY prompt is different. Type vty fwdd
to enter the VTY prompt:
root@SRX550> start shell user root
root@SRX550% vty fwdd
BSD platform (OCTEON processor, 992MB memory, 16384KB flash)
FLOWD_OCTEON(SRX550 vty)# show usp nat cp sysconf
usp_max_nat_pport_dst = 16
usp_max_nat_pat_port_num = 67108864
usp_max_nat_pat_addr = 512
usp_max_nat_no_pat_addr = 131072
usp_nat_cookie_num = 5
usp_max_nat_session = 262144
usp_max_rm_client_num = 0
usp_max_h323_call_num = 512
mgcp_transaction_hash_max_entries = 1024
usp_max_sccp_call_num = 512
usp_max_tcpproxy_connection = 8192
usp_max_mgcp_call_num = 512
usp_max_sip_call_num = 512
usp_max_rtsp_connections = 512
usp_trace_max_num_records = 1000
usp_max_concurrent_auth_users = 1000
As seen above, the maximum number of NAT sessions is 262144. As with vSRX, type exit
to leave the VTY prompt and cli
to go back to the operational mode prompt.