Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5 Release Note page 163

Hide thumbs Also See for JUNOS OS 10.4 - RELEASE NOTES REV 5:

Release note (216 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

page of 209

/ 209
Contents
Table of Contents
Bookmarks

Table of Contents

Issues in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers

The SSL function is known to take an exponentially large amount of time when the

key size is increased. Key sizes of 1024 bits and 2096 bits are OK to process because

their processing time is below the watchdog threshold, but the key size of 4096 bits

should not be used when sending stress traffic. Also, IDP uses SSL hardware for <=

1024-bit keys. The throughput is much higher for the traffic using <= 1024-bit SSL

private keys. [PR/524452 ]

On SRX3400, SRX3600, SRX5600, and SRX5800 devices, when packet-logging

functionality is configured with an improved pre-attack configuration parameter value,

the resource usage increases proportionally and might affect the performance.

[PR/526155]

On SRX100, SRX210, SRX220, SRX240, and SRX650 devices, IDP policies greater than

19 MB do not get loaded. [PR/540856]

On SRX100 and SRX240 High Memory devices, whenever the folder

deleted or any folder

/var/db/idpd/db

the system must be rebooted for proper functioning of idpd. [PR/551412]

IPv6

Proxy-ndp does not work in IPv6. Hence, the following issues exist:

proxy-ndp cannot be configured under

publish MAC for specific IPv6 addresses will not work under

[PR/549969]

ISSU

In-service software upgrade (ISSU) is not supported for upgrading VPN, NAT, IPv6,

FTP ALG, TFTP ALG, or IDP functionality. If ISSU is used while the noted functionality

is enabled, SRX Series devices might be left in an invalid state. The upgrade options

are either to disable unsupported ISSU features prior to the upgrade or to use a standard

upgrade procedure with a reboot. [PR/558566, PR/530035].

J-Flow

SRX3400, SRX3600, SRX5600, and SRX5800 devices support the 4-byte autonomous

system (AS) for BGP configuration. However, J-Flow template versions 5 and 8 do not

support 4-byte AS because these J-Flow templates have 2 bytes for the SRC/DST AS

field. [PR/416497]

On SRX3400, SRX3600, SRX5600, and SRX5800 devices, J-Flow sampling on the

virtual router interface does not show the values of autonomous system (AS) and

mask length. The AS or mask length values of

the packet on the virtual router interface. [PR/419563]

that is under the folder

var/db/idpd

Security

NAT

Interfaces

cflowd

packets show

/var/db/idpd

is deleted,

set interfaces

while sampling

163

Table of Contents

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5

This manual is also suitable for:

Junos os 10.4

Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5 Release Note page 163

Related Manuals for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5

This manual is also suitable for:

Table of Contents