•
The Junos OS Security Configuration Guide does not state that custom attacks and
custom attack groups in IDP policies can now be configured and installed even when
a valid license and signature database are not installed on the device.
•
The “Verifying the Policy Compilation and Load Status” section of the Junos OS Security
Configuration Guide has a missing empty/new line before the IDPD Trace file heading,
in the second sample output.
•
The Junos OS Security Configuration Guide states that the following aggressive aging
statements are supported on all SRX Series devices when in fact they are not supported
on SRX3400, SRX3600, SRX5600, and SRX5800 devices:
•
[edit security flow aging early-ageout]
•
[edit security flow aging high-watermark]
•
[edit security flow aging low-watermark
•
The Junos OS Security Configuration Guide states that the maximum acceptable timeout
range for an IDP policy is 0 through 65,535 seconds, whereas the ipaction timeout
range has been modified to 0 through 64,800 seconds.
•
The Junos OS Security Configuration Guide is missing information about the new CLI
option download-timeout, which has been introduced to set security idp security-package
automatic download-timeout < value > to configure the download timeout in minutes.
The default value for download-timeout is one minute. If download is completed before
the download times out, the signature is automatically updated after the download.
If the download takes longer than the configured period, the auto signature update is
aborted.
user@host# set security idp security-package automatic download-timeout ?
Possible completions: < download-timeout >
Maximum time for download to complete (1 - 60 minutes)
[edit]
user@host# set security idp security-package automatic download-timeout
Range: 1 – 60 seconds
Default: 1 second
•
The Junos OS Security Configuration Guide states the following limitations in the
“Limitations of IDP” section:
On SRX Series and J Series devices, IP actions do not work when you select a timeout
value greater than 65,535 in the IDP policy.
This issue has been fixed and is no longer a limitation.
•
The Junos OS Security Configuration Guide incorrectly states the following limitations
in the “Limtations of IDP” section:
On SRX210, SRX240, and SRX650 devices, the maximum number of IDP sessions
supported is 16,000.
The correct information is as follows:
The maximum number of IDP sessions supported is 1600 on SRX210 devices, 32,000
on SRX240 devices, and 128,000 on SRX650 devices.
169Copyright © 2010, Juniper Networks, Inc.
Errata and Changes in Documentation for Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
To Next Page
Loading...