Devices Running Screenos And Idp - Juniper NETWORK AND SECURITY MANAGER - RELEASE NOTES REV 3 Release Note

Devices Running ScreenOS and IDP

Copyright © 2010, Juniper Networks, Inc.
the NSM Device Server as a known host to the switch. To do this, log in to the EX Series
switch through Telnet or SSH and then SSH to the NSM Device Server IP. This adds
the NSM Device Server as a known host in the switch. Without this manual intervention,
automatic import of config files does not take place from EX Series switches.
You do not need to perform this step for EX Series devices running Junos OS Release
9.2R3 or 9.3R2.
398860—If you use LLDP, IP phones connected to 9.2R1.10 EX Series switches are not
discovered. You need to upgrade to EX Series 9.2R2.15 or later.
402243—On a virtual chassis, if there is a physical link through the vme0 interface to
an adjacent EX Series switch, topology discovery records two links, one from the vme
interface and another from the me0 interface.
406887—Topology discovery commits data in small chunks to the database. If one of
many such transactions fails, the remaining data is not committed. This could create
inconsistent data in the database.
427855—When both master and backup router engines in a grande device are reachable
by SNMP, topology discovery displays them as two separate devices in the topology
map.
444091—Wrong links are discovered with EX8200 devices with only STP/RSTP. Enable
LLDP on all the switches to ensure that links are discovered properly.
446950—Because of a UI issue, NSM incorrectly allows you to create virtual chassis
with EX3200-24P. Virtual chassis should be created with EX4200 platforms only.
294030—On an ISG device, sufficient device memory is required to compile the policy
during an update from NSM. A policy that specifies All attacks needs 600 MB or more
RAM on the device. The update fails if the amount of RAM is insufficient. Contact JTAC
for a workaround.
450906—When IPv6 is enabled on an interface in host mode, NSM does not generate
any interface ID unless configured by the user whereas ScreenOS does, causing a
mismatch. A workaround is to import the device into NSM after you update the IPv6
settings.
454755—ScreenOS does not treat DI profiles as standard shared objects. Hence NSM
does not reflect changes in the profiles after you import a device.
458945—NSM cannot manage a device running a ScreenOS version earlier than 6.3
with an IPv6 configuration. For NSM to effectively manage the device, it must be
upgraded to ScreenOS 6.3 and added or imported into NSM.
461167—You cannot export device logs using the syslog option from the NSMXpress
WebUI.
461181—Updating fails when a policy with web filtering enabled is pushed to a vsys
device from NSM.
461986—You cannot generate reports and e-mail them using the email.sh option in
the NSMXpress appliance.
Known Issues
31