Juniper Networks

NetScreen Release Notes

 

 

SSH Version 1 Interoperability – The embedded SSH server in ScreenOS 5.0.0 has issues with the client from SSH Communications Security when operating in SSH version 1 mode.

W/A: Use SSH version 2 or a different SSH version 1 client, such as

OpenSSH.

Primary & Backup Interfaces – (Juniper NetScreen-5XT) The primary and backup interfaces bound to the Untrust security zone cannot both use DHCP for address assignment at the same time. You can use DHCP for one interface and PPPoE for the other. Or you can use PPPoE for both interfaces.

Loading License Keys – The Juniper NetScreen-5XP device does not properly load license keys via the WebUI. However, you can load license keys via the CLI using the exec license-keycommand.

Aggressive Aging – The Aggressive Aging feature is not supported on the Juniper NetScreen-5000 Series devices.

SSHv2 Implementations – The SSHv2 feature specification requires support for two implementations: OpenSSH and Secure CRT.

Upgrade Limitations – When upgrading a device to ScreenOS 5.0.0UPGR in Transparent mode, the device experiences the following problems:

The device fails during upgrading from ScreenOS 4.0.1 to ScreenOS 5.0.0 in a VPN scenario.

In clear text situations (where traffic is not encrypted to pass through a VPN tunnel), after the upgrade to ScreenOS 5.0.0UPGR, the user had to run the clear arp and clear mac-lcommands to enable the device to work because some ARP entries learn on the wrong port.

Updated Message ID Numbers – The NetScreen Message Log Reference Guide (Part Number 093-0917-000 Rev. D) now contains an updated message ID number for Deep Inspection attack messages. The message, formerly associated with ID number 00001, now maps to ID number 00601. Although the ID number has already been changed in the guide, the ID number will not change in the code until the next revision of ScreenOS 5.0.0.

5.2Compatibility Issues in ScreenOS 5.0.0

Below are the known compatibility issues at the time of this release. Whenever possible, a workaround (starting with “W/A:”) has been provided for your convenience.

• General Compatibility Issues

ScreenOS 5.0.0r9-FIPS

P/N 093-1638-000, Rev. A

Page 30 of 42

Page 30
Image 30
Juniper Networks 5200, 208, 204, 500, 5XT, 5400 manual Compatibility Issues in ScreenOS, General Compatibility Issues