Juniper Networks NETSCREEN 208 User Manual

Page 37

Advertising
background image

Juniper Networks

NetScreen Release Notes

ScreenOS 5.0.0r9-FIPS

P/N 093-1638-000, Rev. A

Page 37 of 42

exceeds the maximum number of routes permitted on a single page, all
subsequent pages display the routes from the first page.

• 35417 - If you set the guaranteed or maximum bandwidth (GBW or MBW)

higher than the interface bandwidth, traffic does not pass through if there is
a policy configured that specifies traffic shaping.

W/A: Adjust the GBW or MBW to be equal or less than the interface
bandwidth.

• 35336 - If you enabled VPN tunneling for syslog traffic and the source

interface is bound to a zone that contains multiple interfaces, after
upgrading a device from ScreenOS 4.0.0 to ScreenOS 5.0.0, the source
interface might have changed.

W/A: After upgrading the Juniper Networks security appliance, verify the
VPN settings for syslog and modify if necessary.

• 35238 - For devices in an NSRP configuration, active/active or active-

passive, you have to manually issue the delete ssh device all CLI
command on both devices.

• 34950 - (Juniper NetScreen-5000 only) Failover between two layer 2

interfaces in the same layer 2 security zone is not supported.

• 34922 - (Juniper NetScreen-50 only) You cannot configure a VSI when the

Juniper Networks security appliance is in an active-passive NSRP
configuration.

• 34880 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set

interface <interface> manage ident-reset' displays incorrectly as 'set
interface <interface> ident-reset' (without the word "manage" in the
configuration file).

• 34670 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set/unset

firewall exclude log-self exclude ike' does not change the state of "Log Self for
IKE". The 'get firewall' command displays "Log Self for IKE" constantly in
the "Off" state.

• 34663 - Enabling the RTO mirror group direction feature using the set nsrp

rto-mirror id <id> direction { in | out } CLI command, might cause the
preempt mode feature not to work.

• 34414 - The Juniper Networks security appliance does not perform a

revocation check on the signature attack database upon requesting an
update.

• 34070 - (Juniper NetScreen-5GT only) The event message 'AV: Suspicious

client <Source IP> <Source Port> -> <Destination IP> <Destination Port>
used <X> percent of AV resources, and exceeded the max. of <y> percent'

Advertising
This manual is related to the following products:
See also other documents in the category Juniper Networks Hardware: