Juniper NETWORK AND SECURITY MANAGER - RELEASE NOTES REV 3 Release Note page 22

Network and Security Manager 2010.3 Release Notes
22
note that TCP port 7808 is being used for server-UI communication." Earlier versions
of NSM connected through port 7801, which was not FIPS compliant.
303308— Excessive retry operations can cause a DMI device to malfunction if NSM
closes the connection to the device while the device is trying to connect to NSM. When
you add a DMI device through the NSM UI, you first add an unreachable device and
then use the generated key to configure the device so that the device can initiate the
connection to the NSM server. The connection will fail, however, if NSM closes the
connection because:
The device is in the modeled RMA state.
The device shares a duplicate sequence number with another managed device.
The platform or device type (cluster member, virtual chassis, and so on) you specified
while adding the device does not match the device itself.
You can check for these conditions by examining the Configuration Status in the Device
List. If the Configuration Status is RMA, Detected duplicate serial number, Platform
mismatch, or Device type mismatch, delete the device immediately from NSM to
prevent excessive connection retries from causing a device malfunction, such as
exceeding the maxproc limit, or reaching 100 percent CPU utilization. To add the device
again, make sure the platform type and device type specified in the device add workflow
match those of the device itself.
304406—During an NSM installation in an HA environment, when performing a refresh
with the NSM installer or NSMXpress UI, the HA peers may not initialize communication
properly. This problem commonly occurs when you migrate from a single NSM server
to an HA configuration. The error does not occur when you perform a clean install or
an upgrade using the NSM installer.
305451—On a subinterface, the NSM template does not display a data origin icon under
the Service Options.
312509—When you configure the Network Address Translation (NAT) rule set on an
SRX Series device running Junos OS Release 9.2, it is not imported correctly into NSM.
313889—When you connect 3000 or more devices to NSM, the GUI client freezes for
a few minutes because of the large number of notifications from the GUI server.
If you add a Junos OS device to the NSM database through the reachable device
workflow, you must enable netconf for SSH (specific to system services) by running
the following command in the device CLI: set system services netconf ssh.
388578—NSM 2008.1r1 does not support SSL-VPN security devices.
394543—When you update the configurations of more than 30 devices together, the
update device operation can take up to 10 minutes.
396285—Rebooting NSM servers fails in a Solaris 10 environment. You can use either
of these workarounds to start or stop an NSM server:
Use
/etc/init.d/guiSvr and /etc/init.d/devSvr
Use /usr/netscreen/GuiSvr/bin/guiSvr.sh
as an NSM user. You cannot use this script as the root user.
as the root user.
and /usr/netscreen/DevSvr/bin/devSvr.sh
Copyright © 2010, Juniper Networks, Inc.