Manual Juniper Networks 500

42 pages 0.31 mb
Download

Go to site of 42

Summary
  • Juniper Networks 500 - page 1

    ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 1 of 42 Juniper Networks NetScreen Release Notes Product: Juniper NetS creen-5XT, Juniper NetScreen-204, Juniper NetScreen-208, Juniper NetScreen -500, Juniper NetScreen-5200, Juniper NetScreen-5400 Version: ScreenOS 5.0.0r9-FIPS Release Status: Private Part Number: 093-1638-000, Rev. A Date: 6-01 ...

  • Juniper Networks 500 - page 2

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 2 of 42 5. Known Issues o n page 29 5.1 Limitation s of Features in ScreenOS 5.0.0 on page 29 5.2 Compatibility Issues in ScreenOS 5.0.0 on page 30 5.2.1 Upgrade Paths from P revious Releases on page 31 5.3 Known Issues in Scre enOS 5.0.0 o n page 32 5.3. ...

  • Juniper Networks 500 - page 3

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 3 of 42 Refer to the following table to understan d what ScreenOS v ersions map to w hich product. 2. New Features and Enhancements The following sections detail new featur es and enhancements in ScreenOS 5.0.0 releases. For a complete list and descriptio ...

  • Juniper Networks 500 - page 4

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 4 of 42 According to Trend Micro, the categories of viruses bypassed include HTML and Javascript. However, the subset o f the bypassed viruses can be described as the following: Javascript/Jscript/HTML embedded in HTML code (having HTTP content type of te ...

  • Juniper Networks 500 - page 5

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 5 of 42 3. Changes to Default Behavior There are numerous changes in default behavior. For detailed information on changes to default behavior in ScreenOS 5.0.0, refer to the Juniper Networks NetScreen ScreenOS Migration Guide . Specific changes in defaul ...

  • Juniper Networks 500 - page 6

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 6 of 42 • 03537 – The device failed when it incorrectly sent the DHCPDISCOVER packet out in the callback function. • 03528 – The subscription key retrieval oper ation worked only intermittently because the device did not cl ose the SSL socket prop ...

  • Juniper Networks 500 - page 7

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 7 of 42 • 03358 – A very long URL entry when y o u attempt to perform URL filtering sometimes caused th e device to fail. • 03356 – The Phase 2 rekey sometimes fail ed after the Phase 1 expired when you used Kbytes as the criteria to trigger a Pha ...

  • Juniper Networks 500 - page 8

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 8 of 42 • 03269 – The Juniper Net Screen-5GT incorre ctly autonegotiat ed to 10MBps half duplex after it had initi ally set itself to 10MBps full duplex. • 03267 – The anti-virus feature had a problem handling the HTTP packets because a web serve ...

  • Juniper Networks 500 - page 9

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 9 of 42 • 03132 – When using Juniper NetScreen- Remote to connect to a Juniper NetScreen-500 dial-up VPN usin g the WebUI, the IKE Gateway Configuratio n displays as user instead of user-g roup . • 03128 – Mistakes occurred with (MIP) Mapp ed IP t ...

  • Juniper Networks 500 - page 10

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 10 of 42 • 02986 – SSHv2 with RADIUS auth entication failed to authenticate external users properly. • 02985/02996 – The Juniper NetScreen-5000 Se ries systems sometimes failed from memory corruption due to kernel locking. • 02975 – While perf ...

  • Juniper Networks 500 - page 11

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 11 of 42 • 02867 – If the DHCP relay se rver is set with an IP address, the dev ice incorrectly attempted to resolve the IP address with the host name even though there was no hostname. • 02861 – IP swapping issues occ urred on the Juniper NetScre ...

  • Juniper Networks 500 - page 12

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 12 of 42 • 02580 – When you created a new custom service, and then confi gured a VPN using IKE, the Proxy ID setting in the VPN Autokey IKE configuration incorrectly defaults to the n ew custom se rvice, and n ot the ANY se rvice. • 02555 – The sy ...

  • Juniper Networks 500 - page 13

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 13 of 42 • 01998 – You could n ot save the set console aux disable command into the device config uration. • 01739 – Ping oper ations would not work if fast agi ng out of MAC addresses did not occur when a PC migrated from one Juniper NetScreen-5G ...

  • Juniper Networks 500 - page 14

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 14 of 42 whenever the device restarts and does not effect the normal operation of the device. • 36473 – Restarting a Juniper Networks secu rity appliance while it was performing an operatio n in flash some times damaged the data on the device and caus ...

  • Juniper Networks 500 - page 15

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 15 of 42 • 02926 – The number of syslog messages sent per second from the Juniper Networks security applia nce were being limite d by an in ternal process. • 02924 – SMTP (Simple Mail Transfer Prot ocol) queued emai ls on Microsoft Outlook 2003 cl ...

  • Juniper Networks 500 - page 16

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 16 of 42 • 02822 – The DHCP utility did not work on one of the redundant interfaces on a device. The interface did not appe ar in the DHCP environment in the WebUI. • 02814 – The SNMP interface in dex values were inconsistent through the SNMP tree ...

  • Juniper Networks 500 - page 17

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 17 of 42 • 02709 – When you set a manual VPN auth entication setting to NULL on a Juniper Networks security appliance, th e device failed because a Null length is invalid. • 02707 – When performing an anti-virus scan on a Juni per NetScreen-5GT de ...

  • Juniper Networks 500 - page 18

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 18 of 42 • 02655 – The event log timesta mp changed to Daylight Savings Time (DST) even though DST was not enabled. • 02642 – After configuring SCREEN setting threshol ds on a device usi ng the WebUI or CLI, the get config | include < screen_se ...

  • Juniper Networks 500 - page 19

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 19 of 42 • 02551 – An NSRP backup devic e indicated that a failov er occurred continuously when no failure on the primary device occurred. • 02543 – A device rebooted because of an improperly processed checksum. • 02542 – When upgra ding a Jun ...

  • Juniper Networks 500 - page 20

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 20 of 42 • 02333 – When a device att empted to bloc k files with a .exe extension, it incorrectly block ed files with .zi p extension s. • 02326 – A device incorrectly created sessi ons if the IP address had a unicast destination while the destina ...

  • Juniper Networks 500 - page 21

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 21 of 42 4.3 Addressed Issues from ScreenOS 5.0.0r7 Manufacturing-only release. 4.4 Addressed Issues from ScreenOS 5.0.0r6 • 38268 – A J uniper Networks security applia nce running a BGP peer vi rtual routing instance cannot use an MD5 type password w ...

  • Juniper Networks 500 - page 22

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 22 of 42 • 02384 – The device failed if you connecte d an Ethernet cable to the untrust interface in the v1-untrust zone w hil e the device was in transparent mode. • 02383 – Under some circumstances, the OSPF routing instance could not build an a ...

  • Juniper Networks 500 - page 23

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 23 of 42 • 02272 – HTTP and HTTPS packets passe d through VPN tunnels more slowly than expected, sometimes to th e point of timing out and causing the device to continually retransmit the pac kets. • 02250 – The device sometimes generated an error ...

  • Juniper Networks 500 - page 24

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 24 of 42 • 37069 – The configuration wizard option in the WebUI that enables you to skip the wizard screens was not present on the initial wizard screen. This option enables you to go directly to the WebUI login wi ndow to enter the device to manage i ...

  • Juniper Networks 500 - page 25

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 25 of 42 • 02134 – When a policy specified a service that conta ined the same ranges for both the source port and destin ation port, traffic associated with other services with the same port ranges ma tched the conditions of t he policy and the policy ...

  • Juniper Networks 500 - page 26

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 26 of 42 discrepancy, you had to read the text de scription of the trap type to identify it. Now you can refer to the trap type value to identify it. For e xample, the traditional SNMP trap type value for a Cold Start event is 0. Please check the ScreenOS ...

  • Juniper Networks 500 - page 27

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 27 of 42 • 01985 – You could not schedule a policy using the WebUI. • 01970 – Under cert ain circumstances, th e Juniper Networks security appliance did not send email alert s. • 01943 – When the DH CP payload (i nformati on included with the ...

  • Juniper Networks 500 - page 28

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 28 of 42 • 36717 – When upgrading to ScreenOS 5.0.0, the maxi mum number of address groups allowed for Layer2 predefined zones incorrectl y got set to the same number as for custom zones. As a result, if the numbe r of address groups in Layer2 predefi ...

  • Juniper Networks 500 - page 29

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 29 of 42 • 01958 – An internal mishandling of the MAC cache could ca use a security appliance to crash . • 01944 – The group addresses for V1-untrust zone were getting lost after upgrading a device from a previo us rele ase. The group address for ...

  • Juniper Networks 500 - page 30

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 30 of 42 • SSH Version 1 Interoperability – The embedded SSH server in ScreenOS 5.0.0 has issues wi th the client fr om SSH Communications Security when operating in SSH version 1 mode. W/A: Use SSH version 2 or a different SSH version 1 client, such ...

  • Juniper Networks 500 - page 31

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 31 of 42 – Freeswan - The Freeswan 1.3 VPN client is incompat ible with ScreenOS 5.0.0 in certain co nfigurations due to IKE feature s that Freeswan doe s not fully support . The result is tha t Phase 2 negot iations and Phase 2 SA will not complete if ...

  • Juniper Networks 500 - page 32

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 32 of 42 Juniper NetScreen- 5000 series only : Before you upgrade a Jun iper Networks security applia nce to ScreenOS 5.0.0, we recommend that you verify the amount of memory on the device us ing the get system CLI command. You ne ed 1 gigaby te of memory ...

  • Juniper Networks 500 - page 33

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 33 of 42 • 03504 – The value of the sysUpTime variable from an SNMP query incorrectly displays as more than 497 da ys. • 03495 – When the dev ice drops packets after you issued the set f low tcp- syn-check command, ScreenOS does no t log the drop ...

  • Juniper Networks 500 - page 34

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 34 of 42 W/A: Execute the save command first, be fore executing the save config from flash to slot1 command. 5.3.3 Known Issues from ScreenOS 5.0.0r7 None. 5.3.4 Known Issues from ScreenOS 5.0.0r6 None. 5.3.5 Known Issues from ScreenOS 5.0.0r5 None. 5.3.6 ...

  • Juniper Networks 500 - page 35

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 35 of 42 5.3.7 K nown Issues from Scre enOS 5.0.0r3 for the 5000-M2 • 38001 – When you run the get sessi on command, ScreenOS sometimes displays the policy ID n umber incorre ctly as a negative nu mber. • 37993 – When enabled on a Juniper NetScree ...

  • Juniper Networks 500 - page 36

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 36 of 42 • 36807, 36876 – When a 10 0Mbps link between a Juniper NetScreen-5 000 Series system and another device reve rts to a 10Mbps throughpu t level on the other device, the Juni per NetScreen-5000 Series system remains at the 100Mbps throughput l ...

  • Juniper Networks 500 - page 37

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 37 of 42 exceeds the maximum number of routes permitted on a single page, all subsequent pages display the routes from the first page. • 35417 - If you set the guaranteed or maximum bandwidth (GBW or MBW) higher than the interface bandwidth , traffic do ...

  • Juniper Networks 500 - page 38

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 38 of 42 displays only when you issue a ‘get event' CLI command, and not when you issue a 'g et log event' CLI command. • 33916 - A Juniper Networks securit y appliance supports a maximum of 256 OSPF interfaces. • 33598 - For inter-vs ...

  • Juniper Networks 500 - page 39

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 39 of 42 number to the same port number as th e original destination port. This does not affect traffic. • 30844 - When AV is enabled, you cannot down load files to the Juniper Networks security appliance through a VPN using the WebUI. W/A: Specify a pe ...

  • Juniper Networks 500 - page 40

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 40 of 42 • 28138 - The Websense server provides erroneous protocol version information, which the J uniper Netw orks security appliance displays. • 28016 - Juniper Networks secu rity appliances do not support a MIP in the same zone as the destination ...

  • Juniper Networks 500 - page 41

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 41 of 42 6. Getting Help For further assistance with Ju niper Netwo rks products, visit www.juniper.n et/support Juniper Networks occasionally provides maintenance releases (updates and upgrades) for ScreenOS firm ware. To have access to these releases, y ...

  • Juniper Networks 500 - page 42

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 42 of 42 ...

Manufacturer Juniper Networks Category Network Router

Documents that we receive from a manufacturer of a Juniper Networks 500 can be divided into several groups. They are, among others:
- Juniper Networks technical drawings
- 500 manuals
- Juniper Networks product data sheets
- information booklets
- or energy labels Juniper Networks 500
All of them are important, but the most important information from the point of view of use of the device are in the user manual Juniper Networks 500.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Juniper Networks 500, service manual, brief instructions and user manuals Juniper Networks 500. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Juniper Networks 500.

A complete manual for the device Juniper Networks 500, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Juniper Networks 500 by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Juniper Networks 500.

A complete Juniper Networks manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Juniper Networks 500 - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Juniper Networks 500, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Juniper Networks 500, that we can find in the current document
3. Tips how to use the basic functions of the device Juniper Networks 500 - which should help us in our first steps of using Juniper Networks 500
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Juniper Networks 500
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Juniper Networks 500 in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Juniper Networks 500?

Use the form below

If you did not solve your problem by using a manual Juniper Networks 500, ask a question using the form below. If a user had a similar problem with Juniper Networks 500 it is likely that he will want to share the way to solve it.

Copy the text from the picture

Comments (0)