J-Web - Juniper JUNOS 10.1 - RELEASE NOTES REV 4 Release Note

Hide thumbs Also See for JUNOS 10.1 - RELEASE NOTES REV 4:

Release note (204 pages)

Configuration manual (1654 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

page of 205

/ 205
Contents
Table of Contents
Bookmarks

Table of Contents

Known Limitations in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers

J-Web

Known Limitations in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers

Getting_Started

IDP_Default

Recommended

Web_Server

IDP deployed in both active/active and active/passive chassis clusters has the

following limitations:

No inspection of sessions that fail over or fail back.

The IP address action table is not synchronized across nodes.

The Routing Engine (RE) on the secondary node might not be able to reach

networks that are reachable only through a Packet Forwarding Engine (PFE).

The SSL session-ID cache is not synchronized across nodes. If an SSL session

reuses a session-ID and it happens to be processed on a node other than the

one on which the session-ID is cached, the SSL session cannot be decrypted

and will be bypassed for IDP inspection.

IDP deployed in active/active chassis clusters has the following limitation:

For time-binding scope source traffic, if attacks from a source with more

than one destination have active sessions distributed across nodes, the attack

might not be detected because time-binding counting has a local-node-only

view. Detecting this sort of attack requires an RTO synchronization of the

time-binding state that is not currently supported.

On SRX100, SRX210, SRX240, and SRX650 devices, maximum supported entries

in ACS table for is 100,000 entries. However, since the user land buffer has fix

size of 1MB as a limitation, therefore it displays maximum 38837 cache entries.

IDP does not allow header checks for nonpacket contexts.

On J Series devices, some J-Web pages for new features (for example, the Quick

Configuration page for the switching features on J Series devices) display content

in one or more modal pop-up windows. In the modal pop-up windows, you can

interact only with the content in the window and not with the rest of the J-Web

page. As a result, online Help is not available when modal pop-up windows are

displayed. You can access the online Help for a feature only by clicking the Help

button on a J-Web page.

On SRX Series devices, you cannot use J-Web to configure a VLAN interface for

an IKE gateway. VLAN interfaces are not currently supported to be used as IKE

external-interfaces.

139

Table of Contents

Need help?

Do you have a question about the JUNOS 10.1 - RELEASE NOTES REV 4 and is the answer not in the manual?

Questions and answers

This manual is also suitable for:

Networks junos 10.1

J-Web - Juniper JUNOS 10.1 - RELEASE NOTES REV 4 Release Note

J-Web

Need help?

Questions and answers

Related Manuals for Juniper JUNOS 10.1 - RELEASE NOTES REV 4

Related Content for Juniper JUNOS 10.1 - RELEASE NOTES REV 4

This manual is also suitable for:

Table of Contents