Juniper Networks 5XT Network Router User Manual


 
Juniper Networks NetScreen Release Notes
ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 37 of 42
exceeds the maximum number of routes permitted on a single page, all
subsequent pages display the routes from the first page.
35417 - If you set the guaranteed or maximum bandwidth (GBW or MBW)
higher than the interface bandwidth, traffic does not pass through if there is
a policy configured that specifies traffic shaping.
W/A: Adjust the GBW or MBW to be equal or less than the interface
bandwidth.
35336 - If you enabled VPN tunneling for syslog traffic and the source
interface is bound to a zone that contains multiple interfaces, after
upgrading a device from ScreenOS 4.0.0 to ScreenOS 5.0.0, the source
interface might have changed.
W/A: After upgrading the Juniper Networks security appliance, verify the
VPN settings for syslog and modify if necessary.
35238 - For devices in an NSRP configuration, active/active or active-
passive, you have to manually issue the delete ssh device all CLI
command on both devices.
34950 - (Juniper NetScreen-5000 only) Failover between two layer 2
interfaces in the same layer 2 security zone is not supported.
34922 - (Juniper NetScreen-50 only) You cannot configure a VSI when the
Juniper Networks security appliance is in an active-passive NSRP
configuration.
34880 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set
interface <interface> manage ident-reset' displays incorrectly as 'set
interface <interface> ident-reset' (without the word "manage" in the
configuration file).
34670 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set/unset
firewall exclude log-self exclude ike' does not change the state of "Log Self for
IKE". The 'get firewall' command displays "Log Self for IKE" constantly in
the "Off" state.
34663 - Enabling the RTO mirror group direction feature using the set nsrp
rto-mirror id <id> direction { in | out } CLI command, might cause the
preempt mode feature not to work.
34414 - The Juniper Networks security appliance does not perform a
revocation check on the signature attack database upon requesting an
update.
34070 - (Juniper NetScreen-5GT only) The event message 'AV: Suspicious
client <Source IP> <Source Port> -> <Destination IP> <Destination Port>
used <X> percent of AV resources, and exceeded the max. of <y> percent'