Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Checking the maximum number of NAT sessions supported for vSRX and Branch SRX

0

0
Article ID: KB33312 KB Last Updated: 12 Nov 2018Version: 1.0 Summary:

Administrators may be concerned about the number of Network Address Translation (NAT) sessions that are supported on their devices to ensure that the NAT number is sufficient for their environments.

This article shows how to check the total number of NAT sessions supported by the vSRX and Branch SRX devices by using the Command Line Interface (CLI).

 

Solution:

To check the maximum number of NAT sessions, enter show usp nat cp sysconf at the VTY prompt, and then check the usp_max_nat_session line.

vSRX

On vSRX, enter the shell as root, access the VTY, and then enter the above command. Note that the command to enter the VTY prompt on vSRX is different from that used for Branch SRX.

root> start shell user root
root@% vty fpc0

TOR platform (1899Mhz Intel(R) Xeon(R) processor, 1536MB memory, 16384KB flash)

FLOWD_VSRX_S( vty)# show usp nat cp sysconf
usp_max_nat_pport_dst = 24
usp_max_nat_pat_port_num = 50331648
usp_max_nat_pat_addr = 768
usp_max_nat_no_pat_addr = 98304
usp_nat_cookie_num = 5
usp_max_nat_session = 524288
usp_max_rm_client_num = 0
usp_max_h323_call_num = 1536
mgcp_transaction_hash_max_entries = 1024
usp_max_sccp_call_num = 1536
usp_max_tcpproxy_connection = 49152
usp_max_mgcp_call_num = 1536
usp_max_sip_call_num = 1536
usp_max_rtsp_connections = 1536
usp_trace_max_num_records = 1000
usp_max_concurrent_auth_users = 1024

As seen above, the maximum number of NAT sessions is 524288. Type exit to leave the VTY prompt, and then cli to get back to the operational mode prompt.

 

Branch SRX

For Branch SRX devices, the process is the same, but the command to enter the VTY prompt is different. Type vty fwdd to enter the VTY prompt:

root@SRX550> start shell user root
root@SRX550% vty fwdd

BSD platform (OCTEON processor, 992MB memory, 16384KB flash)

FLOWD_OCTEON(SRX550 vty)# show usp nat cp sysconf
usp_max_nat_pport_dst = 16
usp_max_nat_pat_port_num = 67108864
usp_max_nat_pat_addr = 512
usp_max_nat_no_pat_addr = 131072
usp_nat_cookie_num = 5
usp_max_nat_session = 262144
usp_max_rm_client_num = 0
usp_max_h323_call_num = 512
mgcp_transaction_hash_max_entries = 1024
usp_max_sccp_call_num = 512
usp_max_tcpproxy_connection = 8192
usp_max_mgcp_call_num = 512
usp_max_sip_call_num = 512
usp_max_rtsp_connections = 512
usp_trace_max_num_records = 1000
usp_max_concurrent_auth_users = 1000

As seen above, the maximum number of NAT sessions is 262144. As with vSRX, type exit to leave the VTY prompt and cli to go back to the operational mode prompt.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search