Juniper IDP OS 5.1R1 - RELEASE NOTES REV 1 Release Note page 16

Juniper Networks Intrusion Detection and Prevention Release Notes
Table 5: Known Issues (continued)

PR 508363: False positive where SSL:Audit:Non-SSL is wrongly detected in HTTPS traffic. The issue occurs only when SSL:Audit:Non-SSL is included in a compound signature with another member that has the stream256 context.

Configuration

PR 303672: In custom attack objects, in attack signatures, negation inside a case-insensitive block is not supported. To work around this issue, rewrite the signature to avoid negation inside a case-insensitive block.

PR 415301: Policy validation through NSM does not return a warning if the APE rulebase rate limit you specify exceeds the ingress and egress capacity of the device. You must be careful to consider the capacity of your links when you specify APE rulebase rate-limiting actions.

PR 426720: In the following scenario, NSM policy validation should report a rule shadowing condition because the second rule could never be applied.

    Rule  Source  Destination  Service  Attacks
    1     any     any          HTTP     All SMTP attacks
    2     any     any          HTTP     All HTTP attacks

Traffic to port 80 would be inspected only for SMTP attacks and not for HTTP attacks.

PR 431702: You must be careful when configuring speed and duplex for IDP75 and IDP800 onboard interfaces and IDP8200 I/O module copper interfaces. The speed and duplex settings for the IDP Series interfaces and the peer switch or firewall interfaces must match. The best practice is to set both to AUTO. If you do not use auto-negotiation on both sides, you must ensure that the explicitly specified speed and duplex settings match.
We have observed traffic dropping if the IDP Series interfaces are configured as 100/10/1000 half/full duplex (AUTO-OFF) and the peer switch or firewall is configured as AUTO-ON.

PR 536881: The NSM object editor does not enforce correct use of the within bytes constraint for custom signature attack objects.
When you set a byte range constraint, you set a start point that is Context, Packet, or Stream. Your selection must be consistent with the pattern context setting for the attack object. For example, if you configured one of the service contexts, select Context. If you configured one of the packet contexts, select Packet. If you configured one of the stream contexts, select Stream.
In NSM, it is possible to select a start point that is inconsistent with the pattern context setting. For example, the NSM object editor allows you to configure the pattern context http-variable and then set a within bytes start point of start-of-packet. However, the within bytes match logic will be resolved to the start point you should have selected: Context.

PR 536967: When you configure a custom signature attack object, you can optionally set multiple within bytes constraints. Multiple entries are evaluated as a Boolean OR. This PR tracks a request for support for cases where you would want multiple entries processed as a Boolean AND.

PR 537217: If you change the third-party HA setting (enable to disable, and vice versa), ACM reboots the device.

PR 537481: IDP OS Release 5.1 does not support the within bytes constraint for custom compound attack objects.
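Because NSM policy validation does not flag the shadowing condition in PR 426720, the following added example (not Juniper's or NSM's code) shows a small rulebase lint that reports it. The Rule fields, the "any" wildcard and first-match evaluation are modelled on the page's two-rule example; the data structures and the restriction of wildcard handling to the literal "any" are assumptions.

```python
# Added example: lint an IDP rulebase for the shadowing condition of PR 426720.
# Assumption: rules are evaluated in order and the first matching rule wins,
# so a later rule whose selectors are all covered by an earlier rule is dead.
from dataclasses import dataclass
from typing import List, Tuple

ANY = "any"  # wildcard value used in the page's example


@dataclass(frozen=True)
class Rule:
    number: int
    source: str
    destination: str
    service: str
    attacks: str


def covers(earlier: str, later: str) -> bool:
    """An earlier selector covers a later one if it is the wildcard or identical.
    Overlapping address objects are not modelled (assumption)."""
    return earlier == ANY or earlier == later


def shadowed_by(earlier: Rule, later: Rule) -> bool:
    """True when every traffic selector of `earlier` covers that of `later`."""
    return (covers(earlier.source, later.source)
            and covers(earlier.destination, later.destination)
            and covers(earlier.service, later.service))


def find_shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (shadowing_rule, shadowed_rule) number pairs in rulebase order."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if shadowed_by(earlier, later):
                findings.append((earlier.number, later.number))
                break  # reporting the first shadowing rule is enough
    return findings


# Constructed rulebase reproducing the page's example: HTTP traffic would be
# inspected only for SMTP attacks because rule 2 is never reached.
EXAMPLE_RULES = [
    Rule(1, ANY, ANY, "HTTP", "All SMTP attacks"),
    Rule(2, ANY, ANY, "HTTP", "All HTTP attacks"),
]

if __name__ == "__main__":
    for shadowing, shadowed in find_shadowed_rules(EXAMPLE_RULES):
        print(f"rule {shadowed} is shadowed by rule {shadowing}")
```

The check is deliberately conservative: it only reports a rule whose every selector is covered, so it can miss partial overlaps but does not produce false reports.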
Copyright © 2011, Juniper Networks, Inc.