Juniper Networks 208 Network Router User Manual


 
Juniper Networks NetScreen Release Notes
ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 29 of 42
01958 – An internal mishandling of the MAC cache could cause a security
appliance to crash.
01944 – The group addresses for V1-untrust zone were getting lost after
upgrading a device from a previous release. The group address for v1-untrust
was incorrectly set to a maximum of 8 groups while it should have been 32.
01812 – Using un-initialized memory space when creating an outgoing
packet caused the device to fail.
5. Known Issues
This section describes known issues with the current release.
Section 5.1 “Limitations of Features in ScreenOS 5.0.0” identifies features
that are not fully functional at the present time, and will be unsupported for
this release. Juniper recommends that you do not use these features.
Section 5.2 “Compatibility Issues in ScreenOS 5.0.0 on page 30” describes
known compatibility issues with other products, including but not limited to
specific Juniper NetScreen appliances, other versions of ScreenOS, Internet
browsers, Juniper management software and other vendor devices.
Whenever possible, information is provided for ways to avoid the issue,
minimize its impact, or in some manner work around it.
Section 5.3 “Known Issues in ScreenOS 5.0.0 on page 32” describes
deviations from intended product behavior as identified by Juniper
Networks Test Technologies through their verification procedures. Again,
whenever possible, information is provided to assist the customer in avoiding
or otherwise working around the issue.
5.1 Limitations of Features in ScreenOS 5.0.0
The following limitations are present in ScreenOS 5.0.0.
No Support for Packet Attribute Features – The Juniper NetScreen-
5000 Series systems do not support the aggressive aging, maximum
fragment size, path MTU (Maximum Transmission Unit), and Interface
MTU features.
Vsys for Group IKE ID – Group IKE ID users cannot be used in a vsys if
that vsys uses a shared untrust interface.
W/A: Use a private Untrust interface (tagged VLAN subinterface or
dedicated physical interface) for the vsys.