Juniper NETWORK AND SECURITY MANAGER - RELEASE NOTES REV 1 Release Note page 20

Network and Security Manager 2010.4 Release Notes
20
404479—NSM does not list physical interfaces imported to vsys or cluster vsys devices
if they are configured in the shared zone. If the interface is not configured in the shared
zone, NSM displays it in the interface list.
If you add a Junos OS device to NSM through the unreachable workflow, execute the
following commands on the device CLI to enable logging on it:
set system syslog file default-log-messages any
set system syslog file default-log-messages structured-data
404943—When the predefined service 'any-ip' is selected in a policy-based VPN and
the device is updated, NSM generates an invalid CLI.
406791—After migration from NSM 2008.1R1 to 2008.2, editing a VPN results in a
reference error under the manually created NHTB entry in NSM 2008.1R1.
409350—NSM does not support automatic ADM transformation for DMI devices. VPN
monitor does not display an entry for the vsys cluster member if the name of the
member is changed.
410009—When a large number of devices is discovered, topology discovery displays
unconnected devices, connected devices, and links as overlapping each other. The
workaround is to manually drag unconnected device icons to free areas in the topology
map, or view connected and unconnected devices separately.
422422—With every action, the NSM server increases its usage of memory which does
not get freed later.
426324—The NSM guiSvrManager does not scale up to manage 6000 devices. You
must limit the number of managed devices to a total of 3500 firewalls and DMI devices
with 10K configurations and 5 GUI clients.
434863—VPN manager automatically fills tunnel proxy information for a route-based
VPN. However, for external devices, you may want to check the proxy information and
change it manually, if required.
436587—In NSM 2008.1, the value of the NHRP field in the vrouter schema is True,
thereby enabling NHRP on all vrouters by default. In NSM 2008.2R2, the NHRP default
value is False. Migrating from either NSM 2008.1R2 or NSM 2008.2R1 to NSM 2008.2R2
ensures that wrongly enabled vrouters are reset.
437109—If you disable backup during a high availability installation of NSM, then manual
backups using the script replicateDb present in the /usr/netscreen/HaSvr/utils/
directory are not allowed as well.
437457—When you update an ICAP profile in a vsys device, the update fails.
438631—When an IDP device is upgraded from 4.1R3 to 5.0, the IDP configuration files
are not imported to NSM. This is because the packet capture settings in IDP 5.0 devices
are configurable from NSM, and are limited to 1000 to 65535, unlike in IDP 4.1R3 devices.
439567—Since IDP and ISG devices support multiple services, NSM also allows multiple
services to be added in an IDP policy. However since SRX Series devices do not support
multiple services in IDP policies, a device update fails after a service field is changed
in the IDP policy.
Copyright © 2010, Juniper Networks, Inc.