What does 10 user limit actually mean ??

  • Netscreen 5GT comes with 10 user license. What does it actually mean ?

    Does it mean that only 10 users can be using the internet at the same time ?


    Does it mean that only 10 computers could be connected to the GT. The 11th computer will fail to accesss the internet ?

    The reason I am asking this questions is because I have a client who has exactly 10 computers on the network. I am planning to sell Netscreen GT to them. Does it mean that they cant add more computer to their network in future ??? If they want they have to upgrade the Netscreen ?


  • Engineer

    I think it is 10 users in the Trusted zone … see this link …

  • Engineer

    Is such limit applied on all the interfaces or just session initiated from the Trust

  • it turns out in v5 r10.1 there is a bug in the os that doesnt clear users from the active user table when their session is over. after weeks of beating myself up, i call juniper and tehy tell me there is an upgrade for the os. this may be kinda off topic, but where can i find the bug reports/known issues in the scren os releases. the juniper.net website is a terror to navigate

  • Let me take a stab at this.

    10 user means active session per unique IP address. If user A with IP sends traffic across the NetScreen, it will create a session. Once a session is created for a unique IP, that IP will be added to the active user table. As long as the is 1 session for that IP, it will remain in the active user table. If all sessions for IP are cleared from the session table, the IP will be removed from the active user table.

    There is a way to clear the IP from the active user table. From the WebUI, go to Reports > Active Users, and click remove next to the IP you want to remove. From the CLI, clear active (ip address).

    Regarding the MSN question, that is a little tricky. IM sometimes uses port 80 for communications, and if it does, changing the timeout may affect web access as well. You could create a custom service for MSN, then define a low service timeout.

  • i have the same situation at several facilities that i manage, execept if one user checks their mail for example, then closes the browser, the 5gt does not remove their ip from the active sessions list.
    is there a way to manually purge ip from the active sessions table, either from the console, webui, or NSM???

    another question i have concerns MSN messenger. at our head office they love msn and use it to communicate amongst themselves. since there are more than 10 computers and everyone is using msn certain employees never get online unless they show up first in the morning and log on to their PC’s.
    is there a way to set a timeout, where an ip can only use one of the available sessions for a certain period of time and then release that spot during an idle period to someone else who wants to send an instant message for instance??

    i have a bunch of questions about managing a 10 user license 5gt, but i think answers to the above will get me going in the right direction

  • Engineer

    let’s clarify :
    Each time an IP adress has established session(s) on the NS box, 1 user license is used. Don’t care If you have IE, telnet client ,SSH client all connected through the box.

    If you close IE, sure that you keep your telnet and ssh client session alive, and also the user license used.

    Once you close all your 3 application, then you have no more active session on the box, the user license is free and can be reused by another IP.

    Then you have 10 IPs that can pass through the box at the same time.

  • Can you please clarify what you mean by closing all sessions ??? Suppose I am accessing internet explorer and browsing we sites. Does it mean that if I cose IE, it will close all sessions. R there commands to check how many users are currently using the netscreen and how many sessions each user is using.


  • Engineer

    That’s it … 10 IPs can have established session in the session table. The 11th IP will wait that another one close all active session and then free a license for him.

    Leave the choice to the customer … pay immediatly for unlicense box or pay later to buy the software key.