Juniper Networks 5XT Manual Do Utilizador
Juniper Networks
NetScreen Release Notes
ScreenOS 5.0.0r9-FIPS
P/N 093-1638-000, Rev. A
Page 30 of 42
• SSH Version 1 Interoperability – The embedded SSH server in ScreenOS
5.0.0 has issues with the client from SSH Communications Security when
operating in SSH version 1 mode.
operating in SSH version 1 mode.
W/A: Use SSH version 2 or a different SSH version 1 client, such as
OpenSSH.
OpenSSH.
• Primary & Backup Interfaces – (Juniper NetScreen-5XT) The primary
and backup interfaces bound to the Untrust security zone cannot both use
DHCP for address assignment at the same time. You can use DHCP for one
interface and PPPoE for the other. Or you can use PPPoE for both interfaces.
DHCP for address assignment at the same time. You can use DHCP for one
interface and PPPoE for the other. Or you can use PPPoE for both interfaces.
• Loading License Keys – The Juniper NetScreen-5XP device does not
properly load license keys via the WebUI. However, you can load license keys
via the CLI using the exec license-key command.
via the CLI using the exec license-key command.
• Aggressive Aging – The Aggressive Aging feature is not supported on the
Juniper NetScreen-5000 Series devices.
• SSHv2 Implementations – The SSHv2 feature specification requires
support for two implementations: OpenSSH and Secure CRT.
• Upgrade Limitations – When upgrading a device to ScreenOS 5.0.0UPGR
in Transparent mode, the device experiences the following problems:
– The device fails during upgrading from ScreenOS 4.0.1 to ScreenOS 5.0.0
– The device fails during upgrading from ScreenOS 4.0.1 to ScreenOS 5.0.0
in a VPN scenario.
– In clear text situations (where traffic is not encrypted to pass through a
VPN tunnel), after the upgrade to ScreenOS 5.0.0UPGR, the user had to
run the clear arp and clear mac-l commands to enable the device to
work because some ARP entries learn on the wrong port.
run the clear arp and clear mac-l commands to enable the device to
work because some ARP entries learn on the wrong port.
• Updated Message ID Numbers – The NetScreen Message Log Reference
Guide (Part Number 093-0917-000 Rev. D) now contains an updated
message ID number for Deep Inspection attack messages. The message,
formerly associated with ID number 00001, now maps to ID number 00601.
Although the ID number has already been changed in the guide, the ID
number will not change in the code until the next revision of ScreenOS 5.0.0.
message ID number for Deep Inspection attack messages. The message,
formerly associated with ID number 00001, now maps to ID number 00601.
Although the ID number has already been changed in the guide, the ID
number will not change in the code until the next revision of ScreenOS 5.0.0.
5.2 Compatibility Issues in ScreenOS 5.0.0
Below are the known compatibility issues at the time of this release. Whenever
possible, a workaround (starting with “W/A:”) has been provided for your
convenience.
possible, a workaround (starting with “W/A:”) has been provided for your
convenience.
• General Compatibility Issues