■ On SRX100, SRX210, SRX240 and, SRX650 devices, the current JUNOS Software
default configuration is inconsistent with the one in Secure Services Gateways,
thus causing problems when users migrate to SRX Series devices. As a
workaround, users should ensure the following steps are taken:
■
The ge-0/0/0 interface should be configured as the Untrust port (with the
DHCP client enabled).
■ The rest of the on-board ports should be bridged together, with a VLAN IFL
and DHCP server enabled (where applicable).
■ Default policies should allow trust->untrust traffic.
■ Default NAT rules should apply interface-nat for all trust->untrust traffic.
■ DNS/Wins parameters should be passed from server to client and, if not
available, users should preconfigure a DNS server (required for download of
security packages).
■ The default values for IKE and IPsec security association (SA) lifetimes for standard
VPNs have been changed in this release:
■
The default value for the lifetime-seconds configuration statement at the [edit
security ike proposal proposal-name] hierarchy level has been changed from
3600 seconds to 28,800 seconds.
■
The default value for the lifetime-seconds configuration statement at the [edit
security ipsec proposal proposal-name] hierarchy level has been changed from
28,800 seconds to 3600 seconds.
Flow and Processing
■ On SRX Series devices, the factory default for the maximum number of backup
configurations allowed is five. Therefore, you can have one active configuration
and a maximum of five rollback configurations. Increasing this backup
configuration number will result in increased memory usage on disk and
increased commit time.
To modify the factory defaults, use the following commands:
root@host# set system max-configurations-on-flash number
root@host# set system max-configuration-rollbacks number
where max-configurations-on-flash indicates backup configurations to be stored
in the configuration partition and max-configuration-rollbacks indicates the
maximum number of backup configurations.
■ On J Series devices, the following configuration changes must be done after
rollback or upgrade from JUNOS Release 10.1 to 9.6 and earlier releases.
■
Rename lsq-0/0/0 to ls-0/0/0 in all its occurrences.
■
Remove fragmentation-map from the [class-of-service] hierarchy level and
from [class-of-service interfaces lsq-0/0/0], if configured.
■
Remove multilink-max-classes from [ls-0/0/0 unit 0], if configured.
128 ■ Changes In Default Behavior and Syntax in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services
Routers
JUNOS 10.1 Software Release Notes
To Next Page
Loading...
Need help?
General
