Juniper Networks 208, 5200, 204, 500, 5XT, 5400 manual Juniper Networks NetScreen Release Notes

exceeds the maximum number of routes permitted on a single page, all subsequent pages display the routes from the first page.

•35417 - If you set the guaranteed or maximum bandwidth (GBW or MBW) higher than the interface bandwidth, traffic does not pass through if there is a policy configured that specifies traffic shaping.

W/A: Adjust the GBW or MBW to be equal or less than the interface bandwidth.

•35336 - If you enabled VPN tunneling for syslog traffic and the source interface is bound to a zone that contains multiple interfaces, after upgrading a device from ScreenOS 4.0.0 to ScreenOS 5.0.0, the source interface might have changed.

W/A: After upgrading the Juniper Networks security appliance, verify the VPN settings for syslog and modify if necessary.

•35238 - For devices in an NSRP configuration, active/active or active- passive, you have to manually issue the delete ssh device all CLI command on both devices.

•34950 - (Juniper NetScreen-5000 only) Failover between two layer 2 interfaces in the same layer 2 security zone is not supported.

•34922 - (Juniper NetScreen-50 only) You cannot configure a VSI when the Juniper Networks security appliance is in an active-passive NSRP configuration.

•34880 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set interface <interface> manage ident-reset' displays incorrectly as 'set interface <interface> ident-reset' (without the word "manage" in the configuration file).

•34670 - (Juniper NetScreen-5GT only) Issuing the CLI command 'set/unset firewall exclude log-self exclude ike' does not change the state of "Log Self for IKE". The 'get firewall' command displays "Log Self for IKE" constantly in the "Off" state.

•34663 - Enabling the RTO mirror group direction feature using the set nsrp rto-mirror id <id> direction { in out } CLI command, might cause the preempt mode feature not to work.

•34414 - The Juniper Networks security appliance does not perform a revocation check on the signature attack database upon requesting an update.

•34070 - (Juniper NetScreen-5GT only) The event message 'AV: Suspicious client <Source IP> <Source Port> -> <Destination IP> <Destination Port> used <X> percent of AV resources, and exceeded the max. of <y> percent'