•
On SRX210 PoE devices, when AX411 Access Points managed by the SRX Series devices
reboot, the configuration might not be reflected onto the AX411 Access Points. As a
result, the AX411 Access Points retain the factory default configuration. [PR/476850]
•
On SRX240 PoE devices, during failover, on the secondary node the ADSL Mini-PIM
restarts and takes about 3 to 4 minutes to come up. [PR/528949]
Security
•
On SRX3400, SRX3600, SRX5600, and SRX5800 devices, the egress filter-based
forwarding (FBF) feature is not supported. [PR/396849]
•
On SRX210, SRX3400, SRX3600, SRX5600, and SRX5800 devices in a chassis cluster,
if the Infranet Controller auth table mapping action is configured as provisionauth table
as needed, UAC terminates the existing sessions after Routing Engine failover. You
might have to initiate new sessions. Existing sessions are not affected after Routing
Engine failover if the Infranet Controller auth table mapping action is configured as
always provision auth table. [PR/416843]
•
On SRX3400, SRX3600, SRX5600, and SRX5800 devices, you should not configure
rulebase-DDoS rules that have two different application-DDoS objects to run on one
destination service because the traffic destined to one application server can encounter
more than one rule. Essentially, for each protected application server, you have to
configure a single application-level DDoS rule. [PR/467326]
Unified Access Control (UAC)
•
On J Series devices, MAC address-based authentication does not work when the router
is configured as a UAC Layer 2 Enforcer. [PR/431595]
Unified Threat Management (UTM)
•
On SRX210 High Memory devices, content filtering provides the ability to block protocol
commands. In some cases, blocking these commands interferes with protocol
continuity, causing the session to hang. For instance, blocking the FETCH command
for the IMAP protocol causes the client to hang without receiving any response.
[PR/303584]
•
On SRX210 High Memory devices, when the content filtering message type is set to
protocol-only, customized messages appear in the log file. [PR/403602]
•
On SRX210 High Memory devices, the express antivirus feature does not send a
replacement block message for HTTP upload (POST) transactions if the current
antivirus status is engine-not-ready and the fallback setting for this state is block. An
empty file is generated on the HTTP server that contains no block message.
[PR/412632]
•
On SRX240, SRX650, and J Series devices, Eudora 7 (through DUT) and Outlook
Express (directly, not through DUT) downloads infected mail (with an EICAR test file)
to the mail server because of which the mail retrieval is slow. [PR/424797]
•
On SRX650 devices operating under stress conditions, the UTM subsystem file partition
might fill up faster than UTM can process and clean up existing temporary files. In that
case, the user might see error messages. As a workaround, reboot the system.
[PR/435124]
Copyright © 2010, Juniper Networks, Inc.158
JUNOS OS 10.4 Release Notes
To Next Page
Loading...