Streszczenie treści zawartej na stronie nr. 1
Juniper Networks
NetScreen Release Notes
Product: Juniper NetScreen-5XT, Juniper NetScreen-204, Juniper
NetScreen-208, Juniper NetScreen-500, Juniper NetScreen-5200,
Juniper NetScreen-5400
Version: ScreenOS 5.0.0r9-FIPS
Release Status: Private
Part Number: 093-1638-000, Rev. A
Date: 6-01-05
Contents
1. Version Summary on page 2
2. New Features and Enhancements on page 3
2.1 New Features and Enhancements in ScreenOS 5.0.0r9-FIPS on page 3
2.2 New Features and Enhancements from ScreenOS 5.0.
Streszczenie treści zawartej na stronie nr. 2
Juniper Networks NetScreen Release Notes 5. Known Issues on page 29 5.1 Limitations of Features in ScreenOS 5.0.0 on page 29 5.2 Compatibility Issues in ScreenOS 5.0.0 on page 30 5.2.1 Upgrade Paths from Previous Releases on page 31 5.3 Known Issues in ScreenOS 5.0.0 on page 32 5.3.1 Known Issues in ScreenOS 5.0.0r9-FIPS on page 32 5.3.2 Known Issues from ScreenOS 5.0.0r8 on page 33 5.3.3 Known Issues from ScreenOS 5.0.0r7 on page 34 5.3.4 Known Issues from ScreenOS 5.0.0r6 on page 34 5
Streszczenie treści zawartej na stronie nr. 3
Juniper Networks NetScreen Release Notes Refer to the following table to understand what ScreenOS versions map to which product. Product Firmware Juniper NetScreen-5XT ns5xt.5.0.0r9.0 Juniper NetScreen-200 Series ns200.5.0.0r9.0 Juniper NetScreen-500 ns500.5.0.0r9.0 Juniper NetScreen-5000 Series (with ns5000.5.0.0r9.0 5000-M) 2. New Features and Enhancements The following sections detail new features and enhancements in ScreenOS 5.0.0 releases. For a complete list and descriptions of new featu
Streszczenie treści zawartej na stronie nr. 4
Juniper Networks NetScreen Release Notes According to Trend Micro, the categories of viruses bypassed include HTML and Javascript. However, the subset of the bypassed viruses can be described as the following: Javascript/Jscript/HTML embedded in HTML code (having HTTP content type of text/HTML) AND is accessed through a script-enabled browser from a remote web server (via HTTP). For example, anti-virus scanning would NOT be bypassed for the following scenarios: 1. Javascript/HTML malware wh
Streszczenie treści zawartej na stronie nr. 5
Juniper Networks NetScreen Release Notes 3. Changes to Default Behavior There are numerous changes in default behavior. For detailed information on changes to default behavior in ScreenOS 5.0.0, refer to the Juniper Networks NetScreen ScreenOS Migration Guide. Specific changes in default behavior in ScreenOS 5.0.0r9-FIPS release: • The unset vendor-def CLI command removes all files stored in flash memory except the license file. • Security Manager does not work with this release. 4. Addressed
Streszczenie treści zawartej na stronie nr. 6
Juniper Networks NetScreen Release Notes • 03537 – The device failed when it incorrectly sent the DHCPDISCOVER packet out in the callback function. • 03528 – The subscription key retrieval operation worked only intermittently because the device did not close the SSL socket properly. • 03522 – When Security Manager imported a Juniper NetScreen-5200 with a configuration with large amounts of policies (5,000) and VPNs (2,000), the device failed. • 03495 – You could not retrieve mail from certai
Streszczenie treści zawartej na stronie nr. 7
Juniper Networks NetScreen Release Notes • 03358 – A very long URL entry when you attempt to perform URL filtering sometimes caused the device to fail. • 03356 – The Phase 2 rekey sometimes failed after the Phase 1 expired when you used Kbytes as the criteria to trigger a Phase 2 rekey operation. • 03355 – Track IP packets were sent out at the wrong interval, increasing failed counts (decreasing success rates) even though pings worked correctly. • 03353 – When you configured a policy using th
Streszczenie treści zawartej na stronie nr. 8
Juniper Networks NetScreen Release Notes • 03269 – The Juniper NetScreen-5GT incorrectly autonegotiated to 10MBps half duplex after it had initially set itself to 10MBps full duplex. • 03267 – The anti-virus feature had a problem handling the HTTP packets because a web server inserted too many unnecessary white spaces in the HTTP header. • 03263 – When managing the device from the V1-untrust or V1-trust interface using Manage IP, multiple sessions were created for each packet. • 03261 – When
Streszczenie treści zawartej na stronie nr. 9
Juniper Networks NetScreen Release Notes • 03132 – When using Juniper NetScreen-Remote to connect to a Juniper NetScreen-500 dial-up VPN using the WebUI, the IKE Gateway Configuration displays as user instead of user-group. • 03128 – Mistakes occurred with (MIP) Mapped IP translation when a remote shell used a secondary session initiated from the server for redirecting standard error output from the console. • 03095 – If the Juniper NetScreen-5XT autonegotiated its speed and duplex setting
Streszczenie treści zawartej na stronie nr. 10
Juniper Networks NetScreen Release Notes • 02986 – SSHv2 with RADIUS authentication failed to authenticate external users properly. • 02985/02996 – The Juniper NetScreen-5000 Series systems sometimes failed from memory corruption due to kernel locking. • 02975 – While performing a virus scan with the anti-virus engine, the anti- virus update failed, and no traffic could pass through a Juniper Networks security appliance because the policies blocked it, and the device failed repeatedly. • 029
Streszczenie treści zawartej na stronie nr. 11
Juniper Networks NetScreen Release Notes • 02867 – If the DHCP relay server is set with an IP address, the device incorrectly attempted to resolve the IP address with the host name even though there was no hostname. • 02861 – IP swapping issues occurred on the Juniper NetScreen-5000 Series systems sometimes because of invalid cache. • 02845 – In an NSRP active-passive configuration, improper MAC table entries prevented the backup device from being managed.In some instances, you could not ma
Streszczenie treści zawartej na stronie nr. 12
Juniper Networks NetScreen Release Notes • 02580 – When you created a new custom service, and then configured a VPN using IKE, the Proxy ID setting in the VPN Autokey IKE configuration incorrectly defaults to the new custom service, and not the ANY service. • 02555 – The system incorrectly created sessions for embedded ICMP packets. • 02530 – A TCP stack error caused the BGP neighbor state to change to the Idle state before the BGP holddown time value (default of 180 seconds) expired. The B
Streszczenie treści zawartej na stronie nr. 13
Juniper Networks NetScreen Release Notes • 01998 – You could not save the set console aux disable command into the device configuration. • 01739 – Ping operations would not work if fast aging out of MAC addresses did not occur when a PC migrated from one Juniper NetScreen-5GT port to another in the same zone. • 01635 – The system failed when an H323 recomputed a UDP checksum; the UDP packet lengths sometimes were too consistent with the IP lengths. • 01584 – If a virtual routing instance act
Streszczenie treści zawartej na stronie nr. 14
Juniper Networks NetScreen Release Notes whenever the device restarts and does not effect the normal operation of the device. • 36473 – Restarting a Juniper Networks security appliance while it was performing an operation in flash sometimes damaged the data on the device and caused the device not to restart or to lose the configuration. • 36235 – Adding the pre-defined service entry "ANY" in a multiple service policy sometimes resulted in a system fail. • 36095 – You could not change the IP
Streszczenie treści zawartej na stronie nr. 15
Juniper Networks NetScreen Release Notes • 02926 – The number of syslog messages sent per second from the Juniper Networks security appliance were being limited by an internal process. • 02924 – SMTP (Simple Mail Transfer Protocol) queued emails on Microsoft Outlook 2003 clients timed out when a policy had the anti-virus option enabled because you could not perform more than one SMTP transaction within one session. • 02909 – Embedded ICMP caused the DIP (Dynamic IP) pool memory leak traffic
Streszczenie treści zawartej na stronie nr. 16
Juniper Networks NetScreen Release Notes • 02822 – The DHCP utility did not work on one of the redundant interfaces on a device. The interface did not appear in the DHCP environment in the WebUI. • 02814 – The SNMP interface index values were inconsistent through the SNMP tree. Interface index values uniquely identify each interface. • 02805 – Under certain traffic conditions, some DNS and HTTP session timers were set with higher values than the DNS and HTTP service timeouts. • 02796 – When
Streszczenie treści zawartej na stronie nr. 17
Juniper Networks NetScreen Release Notes • 02709 – When you set a manual VPN authentication setting to NULL on a Juniper Networks security appliance, the device failed because a Null length is invalid. • 02707 – When performing an anti-virus scan on a Juniper NetScreen-5GT device, the device displayed an error-constraint-drop status. • 02699 – When multiple interfaces belonged to different Vsys had the same IP address and subnet mask, VPN traffic to these subnets could pass to the wrong Vs
Streszczenie treści zawartej na stronie nr. 18
Juniper Networks NetScreen Release Notes • 02655 – The event log timestamp changed to Daylight Savings Time (DST) even though DST was not enabled. • 02642 – After configuring SCREEN setting thresholds on a device using the WebUI or CLI, the get config | include command did not display the configured settings. • 02641 – The PKI IKE memory pool on a device had a memory leak caused by the Security Manager agent. • 02637 – A session allocation with less than 1,000 sessions on a
Streszczenie treści zawartej na stronie nr. 19
Juniper Networks NetScreen Release Notes • 02551 – An NSRP backup device indicated that a failover occurred continuously when no failure on the primary device occurred. • 02543 – A device rebooted because of an improperly processed checksum. • 02542 – When upgrading a Juniper NetScreen-5GT from ScreenOS 4.0.0r4 to ScreenOS 5.0.0r3, a PPP connection from a Windows XP client to a Windows 2000 server stopped working. • 02536 – The priority value on a WebTrends syslog message varied from device
Streszczenie treści zawartej na stronie nr. 20
Juniper Networks NetScreen Release Notes • 02333 – When a device attempted to block files with a .exe extension, it incorrectly blocked files with .zip extensions. • 02326 – A device incorrectly created sessions if the IP address had a unicast destination while the destination MAC address had a multicast destination. • 02298 – Commands related to NHTB (Next Hop Tunnel Binding) did not run when you used a blank character when creating a tunnel name for NHTB. • 02297 – An anti-virus scan droppe