Juniper Networks 5XT Manual Do Utilizador

Página de 42
Juniper Networks
NetScreen Release Notes
ScreenOS 5.0.0r9-FIPS
P/N  093-1638-000, Rev. A
Page 35 of 42
5.3.7 Known Issues from ScreenOS 5.0.0r3 for the 5000-M2
• 38001 – When you run the get session command, ScreenOS sometimes 
displays the policy ID number incorrectly as a negative number.
• 37993 – When enabled on a Juniper NetScreen-5000 Series system, the 
inter-zone IP record route option does not update the counter associated with 
this option. The record route option records the IP addresses of the network 
devices along the path that an IP packet travels. The destination device then 
can extract and process the route information.
• 37974 – When attack packets associated with the syn-and-fin, block-
fragment, and unknown-protocol events attempt to enter a Juniper 
NetScreen-5000 Series system using a 5000-24FE secure port module when 
the system experiences heavy traffic, the system ASIC may not be able to 
transmit packets from the device. A syn-and-fin attack is an instance where 
a TCP header contains both syn and fin flags set. A block-fragment event is 
when the NetScreen system attempts to deny entry of fragments of a larger 
packet that have been disassembled so they may enter the device with 
undetected attack content. An unknown-protocol attack is a packet that 
contains a protocol that the NetScreen system does not recognize.
• 37712 – You cannot remove an SSH key from a Vsys by running the 
command unset ssh pka all. When you run the command, ScreenOS does 
not remove the SSH key and displays a generic error message.
• 37640 – You can create a password name with a greater number of 
characters than the usual character limit (15) for passwords in ScreenOS for 
the Juniper NetScreen-5000 Series systems.
• 37497 – You could not create more than 1,500 IKE sessions (attempting to 
establish VPN tunnels) while the system experienced heavy traffic.
• 37422 – When you loaded an older ScreenOS configuration image on a new 
Juniper NetScreen-5000 Series system, the system failed. If the system now 
functions correctly, remaining active with ScreenOS displaying an error 
message on the console indicating a mismatch between the loaded image and 
the image(s) the system accepts.
• 37303 – You can create an environment variable with a greater number of 
characters than the usual character limit (255) for environment variable 
strings in ScreenOS for the Juniper NetScreen-5000 Series systems.
• 36926 – After you created the maximum number of sessions (1 million) 
allowed on the Juniper NetScreen-5000 Series system, and you disable a 
policy, the sessions do not age out in the expected way from the system.