Juniper Networks 5XT User Manual
Juniper Networks
NetScreen Release Notes
ScreenOS 5.0.0r9-FIPS
P/N 093-1638-000, Rev. A
Page 5 of 42
3. Changes to Default Behavior
There are numerous changes in default behavior. For detailed information on
changes to default behavior in ScreenOS 5.0.0, refer to the Juniper Networks
NetScreen ScreenOS Migration Guide.
changes to default behavior in ScreenOS 5.0.0, refer to the Juniper Networks
NetScreen ScreenOS Migration Guide.
Specific changes in default behavior in ScreenOS 5.0.0r9-FIPS release:
• The unset vendor-def CLI command removes all files stored in flash
memory except the license file.
• Security Manager does not work with this release.
4. Addressed Issues in ScreenOS 5.0.0
The following sections detail addressed issues in each release of 5.0.0.
4.1 Addressed Issues in ScreenOS 5.0.0r9-FIPS
• 03875 – After attempting to update a new configuration to the device from
Security Manager to the primary Juniper NetScreen-5200 system in an
active-passive HA pair of Juniper NetScreen-5200 systems, the primary
system failed. The backup system failed a minute and a half later.
active-passive HA pair of Juniper NetScreen-5200 systems, the primary
system failed. The backup system failed a minute and a half later.
• 03637 – When the firewall acted as a TCP proxy server, and if the server
returned the syn-ack packet too late in response to a syn packet, the relevant
firewall flow resource could be released too early and caused the firewall to
fail.
firewall flow resource could be released too early and caused the firewall to
fail.
• 03632 – When you have two VOIP phones connected to a trust and an
untrust zone on a Juniper NetScreen-5GT running in extended mode, and
you tried to place a call, the phone obtained its IP address from a DHCP
server.
you tried to place a call, the phone obtained its IP address from a DHCP
server.
• 03607 – When two 5000-24FE system running in an NSRP active-passive
transparent mode, where the e2/25 and e2/26 interfaces connected to a
switch, stopped passing traffic and displayed the following meaningless
message on the console:
switch, stopped passing traffic and displayed the following meaningless
message on the console:
get log system saved
• 03600 – If you issued the get tech command for a Juniper NetScreen-5400
in an NSRP active-passive configuration while the system was busy, the
system failed.
system failed.
• 03569 – A Juniper NetScreen-5000 Series system could fail due to flow
memory corruption from out-of-order TCP packets.
• 03558 – A trace route or ping operation sometimes caused memory
corruption, causing the device to fail.