Juniper Networks 500 Network Router User Manual


 
Juniper Networks NetScreen Release Notes
ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 35 of 42
5.3.7 Known Issues from ScreenOS 5.0.0r3 for the 5000-M2
38001 – When you run the get session command, ScreenOS sometimes
displays the policy ID number incorrectly as a negative number.
37993 – When enabled on a Juniper NetScreen-5000 Series system, the
inter-zone IP record route option does not update the counter associated with
this option. The record route option records the IP addresses of the network
devices along the path that an IP packet travels. The destination device then
can extract and process the route information.
37974 – When attack packets associated with the syn-and-fin, block-
fragment, and unknown-protocol events attempt to enter a Juniper
NetScreen-5000 Series system using a 5000-24FE secure port module when
the system experiences heavy traffic, the system ASIC may not be able to
transmit packets from the device. A syn-and-fin attack is an instance where
a TCP header contains both syn and fin flags set. A block-fragment event is
when the NetScreen system attempts to deny entry of fragments of a larger
packet that have been disassembled so they may enter the device with
undetected attack content. An unknown-protocol attack is a packet that
contains a protocol that the NetScreen system does not recognize.
37712 – You cannot remove an SSH key from a Vsys by running the
command unset ssh pka all. When you run the command, ScreenOS does
not remove the SSH key and displays a generic error message.
37640 – You can create a password name with a greater number of
characters than the usual character limit (15) for passwords in ScreenOS for
the Juniper NetScreen-5000 Series systems.
37497 – You could not create more than 1,500 IKE sessions (attempting to
establish VPN tunnels) while the system experienced heavy traffic.
37422 – When you loaded an older ScreenOS configuration image on a new
Juniper NetScreen-5000 Series system, the system failed. If the system now
functions correctly, remaining active with ScreenOS displaying an error
message on the console indicating a mismatch between the loaded image and
the image(s) the system accepts.
37303 – You can create an environment variable with a greater number of
characters than the usual character limit (255) for environment variable
strings in ScreenOS for the Juniper NetScreen-5000 Series systems.
36926 – After you created the maximum number of sessions (1 million)
allowed on the Juniper NetScreen-5000 Series system, and you disable a
policy, the sessions do not age out in the expected way from the system.