Changes In Default Behavior and Syntax in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers
Interfaces and Routing
Intrusion Detection and Prevention (IDP)
Remove link-layer-overhead from [ls-0/0/0 unit 0], if configured.
If the LFI forwarding class is mapped to no-fragmentation in fragmentation-map and the configuration hierarchy is enabled on lsq-0/0/0 in JUNOS Release 10.1, then
Add interleave-fragments under [ls-0/0/0 unit 0]
Adjust classifier configured for LFI on lsq-0/0/0 under [class-of-service] to classify packets to Q2
If the aforementioned instructions are not followed, the bundle will be incorrectly processed.
On SRX Series devices, to minimize the size of system logs, the default logging level in the factory configuration has been changed from any any to any critical.
On SRX3000 and SRX5000 line devices, the set protocols bgp family inet flow and set routing-options flow CLI statements are no longer available, because BGP flow spec functionality is not supported on these devices.
On SRX100, SRX210, SRX240, and SRX650 devices, the autoinstallation functionality on an interface enables a DHCP client on the interface and remains in the DHCP client mode. In previous releases, after a certain period, the interface changed from being a DHCP client to a DHCP server.
On SRX5600 and SRX5800 devices, while running commands in IDP, ensure that you provide the service field values for custom attack definitions in lowercase. In the following example, the protocol service field value udp is specified in lowercase:
set security idp custom-attack temp severity info attack-type signature context packet direction any pattern .* protocol udp destination-port match equal value 1333
On SRX3400, SRX3600, SRX5600, and SRX5800 devices, for brute force and time-binding-related attacks, the logging is to be done only when the match count is equal to the threshold. That is, only one log is generated within the 60-second period in which the threshold is measured. This process prevents repetitive logs from being generated and ensures consistency with other IDP platforms like IDP-standalone.
On SRX Series and J Series devices, the IDP ip-action statement is now supported on TCP, UDP, and ICMP flows. When the ip-action target is service, the ip-action flow is applied if the traffic matches the values specified for protocol, destination port, source address, and destination address. However, for ICMP flows, the destination port is 0, so that any ICMP flow matching protocol, source address,
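The brute force and time-binding logging rule described above, modeled as an added example (not Juniper code and not part of the original release notes): it counts how many logs a stream of signature matches produces when a log is written only when the match count equals the threshold. The per-key counters, the fixed-window reset, and the sample attack name and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

WINDOW_SECONDS = 60  # measurement period stated in the release note


@dataclass
class ThresholdLogger:
    """Model of 'log only when the match count equals the threshold'.

    Assumptions (not stated in the release note): counters are kept per
    (attack, source) key, and a fixed 60-second window opens at the first
    match seen after the previous window has expired.
    """
    threshold: int
    _state: dict = field(default_factory=dict)  # key -> (window_start, count)

    def observe(self, key, ts):
        """Record one match at time ts (seconds); return True if it is logged."""
        start, count = self._state.get(key, (ts, 0))
        if ts - start >= WINDOW_SECONDS:
            start, count = ts, 0           # window expired: open a new one
        count += 1
        self._state[key] = (start, count)
        return count == self.threshold     # equality, so later matches stay silent


def count_logs(threshold, events):
    """events: (key, timestamp) pairs sorted by timestamp. Returns logs per key."""
    logger = ThresholdLogger(threshold)
    logs = {}
    for key, ts in events:
        logs.setdefault(key, 0)
        if logger.observe(key, ts):
            logs[key] += 1
    return logs


# Constructed sample: one source matching once per second for three minutes,
# and a second source with only four matches (below the threshold of 5).
SAMPLE = sorted(
    [(("ssh-brute", "192.0.2.10"), float(t)) for t in range(180)]
    + [(("ssh-brute", "192.0.2.20"), float(t)) for t in (5, 15, 25, 35)],
    key=lambda e: e[1],
)

if __name__ == "__main__":
    for key, n in count_logs(5, SAMPLE).items():
        print(key, "matches logged:", n)
```

Under these assumptions 180 matches from the first source yield three logs, so the log count is a floor on activity, not a measure of it.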