Support User Manuals

Juniper Networks 5XT Network Router User Manual

Open as PDF

of 42

Juniper Networks NetScreen Release Notes

ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 37 of 42

exceeds the maximum number of routes permitted on a single page, all

subsequent pages display the routes from the first page.

• 35417 - If you set the guaranteed or maximum bandwidth (GBW or MBW)

higher than the interface bandwidth, traffic does not pass through if there is

a policy configured that specifies traffic shaping.

W/A: Adjust the GBW or MBW to be equal or less than the interface

bandwidth.

• 35336 - If you enabled VPN tunneling for syslog traffic and the source

interface is bound to a zone that contains multiple interfaces, after

upgrading a device from ScreenOS 4.0.0 to ScreenOS 5.0.0, the source

interface might have changed.

W/A: After upgrading the Juniper Networks security appliance, verify the

VPN settings for syslog and modify if necessary.

• 35238 - For devices in an NSRP configuration, active/active or active-

passive, you have to manually issue the delete ssh device all CLI

command on both devices.

• 34950 - (Juniper NetScreen-5000 only) Failover between two layer 2

interfaces in the same layer 2 security zone is not supported.

• 34922 - (Juniper NetScreen-50 only) You cannot configure a VSI when the

Juniper Networks security appliance is in an active-passive NSRP

configuration.

• 34880 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set

interface <interface> manage ident-reset' displays incorrectly as 'set

interface <interface> ident-reset' (without the word "manage" in the

configuration file).

• 34670 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set/unset

firewall exclude log-self exclude ike' does not change the state of "Log Self for

IKE". The 'get firewall' command displays "Log Self for IKE" constantly in

the "Off" state.

• 34663 - Enabling the RTO mirror group direction feature using the set nsrp

rto-mirror id <id> direction { in | out } CLI command, might cause the

preempt mode feature not to work.

• 34414 - The Juniper Networks security appliance does not perform a

revocation check on the signature attack database upon requesting an

update.

• 34070 - (Juniper NetScreen-5GT only) The event message 'AV: Suspicious

client <Source IP> <Source Port> -> <Destination IP> <Destination Port>

used <X> percent of AV resources, and exceeded the max. of <y> percent'

previous next