IP Router Configuration 
7705 SAR OS Router Configuration Guide
NAT Security Profile
A NAT security profile defines security profile features such as session idle timeouts. Profiles 
can vary from subscriber to subscriber and are applied to policies, which are then applied to 
zones at the time the zone is created. All profile timeouts are defined in days, hours, minutes, 
and seconds. Profiles are referenced by NAT policies.
Profile timeouts are used for timing out datapath sessions within specified connection states. 
For example, in a TCP three-way handshake, each state has its own configurable timeout 
value. If the TCP connection has not transitioned from a state within the time period of the 
configured timeout, the session will automatically time out and be removed from the 
datapath. 
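The following Python sketch is an added illustration, not Nokia code or CLI output. It models per-state timeouts using the icmp-request and tcp-established limits from Table 5. The `SessionTable` model, its method names, and the session keys are hypothetical, and the model assumes the timer restarts only when a session enters a state.

```python
from dataclasses import dataclass

# (default, minimum, maximum) in seconds, from Table 5 on this page.
LIMITS = {
    "icmp-request": (60, 60, 5 * 60),
    "tcp-established": (2 * 3600 + 4 * 60, 60, 24 * 3600),
}

def to_seconds(days=0, hrs=0, mins=0, secs=0):
    """Profile timeouts are given in days, hours, minutes and seconds."""
    return ((days * 24 + hrs) * 60 + mins) * 60 + secs

def build_profile(overrides=None):
    """Return {state: timeout_seconds}; reject values outside the Table 5 range."""
    profile = {state: lim[0] for state, lim in LIMITS.items()}
    for state, value in (overrides or {}).items():
        _, low, high = LIMITS[state]
        if not low <= value <= high:
            raise ValueError(f"{state}: {value}s is outside {low}..{high}s")
        profile[state] = value
    return profile

@dataclass
class Session:
    state: str       # connection state whose timeout currently applies
    since: float     # time (seconds) at which the session entered that state

class SessionTable:
    """Toy datapath session table (hypothetical model, not router code)."""
    def __init__(self, profile):
        self.profile = profile
        self.sessions = {}

    def enter_state(self, key, state, now):
        # Creating a session or moving it to a new state restarts its timer.
        self.sessions[key] = Session(state, now)

    def reap(self, now):
        """Remove and return sessions that stayed in one state past its timeout."""
        expired = [k for k, s in self.sessions.items()
                   if now - s.since >= self.profile[s.state]]
        for k in expired:
            del self.sessions[k]
        return expired

if __name__ == "__main__":
    # Constructed sample sessions; established timeout tightened to 30 min.
    table = SessionTable(build_profile({"tcp-established": to_seconds(mins=30)}))
    table.enter_state("icmp:10.0.0.5>192.0.2.1", "icmp-request", now=0)
    table.enter_state("tcp:10.0.0.5:40000>192.0.2.1:443", "tcp-established", now=0)
    print(table.reap(60), table.reap(1800))
```
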
NAT profile attributes are described in Table 5.
Note: NAT security profile 1 is the default profile and cannot be modified. By default, this 
profile is assigned to any security policy that does not have a profile.
Table 5: NAT Profile Attributes

| Attribute | Description | CLI Command |
|---|---|---|
| timeouts | Command used to configure session idle timeouts for a profile | timeouts |
| ICMP request | Specifies the timeout for a half-open NAT ICMP session. A half-open NAT ICMP session is created when an ICMP request is sent but no ICMP response is received. Default timeout: 1 min. Minimum timeout: 1 min. Maximum timeout: 5 min | icmp-request |
| TCP established | Specifies the timeout for a TCP session in the established state. Default timeout: 2 hrs, 4 min. Minimum timeout: 1 min. Maximum timeout: 24 hr | tcp-established |