Table 5: Known Issues
(continued)
Description
PR
When you configure a custom compound attack object, you can optionally set within packets constraints. If you
set a packet constraint for one member, the program logic counts packets beginning implicitly with the
start-of-stream. Request is to include a UI option to specify the starting point.
538247
In ACM, you have the option to use a Radius server as an authentication source for access to ACM. However,
the username format allowed by the ACM configuration page does not support all formats deemed valid by
RFC 2486. In IDP OS Release 5.1, you can specify a usernames that include periods (such as john.doe), but not
special characters such as @ or + that are conventions in the username formats used by some enterprises (such
as [email protected]).
539399
HA deployment has an IDP system requirement that a virtual router named vr0 contain eth1 (the HA state sync
interface). If you upgrade an IDP OS 4.1r4 device that has HA enabled, eth1 is added to vr0 automatically.
Otherwise, you must check the ACM Configure Virtual Routers page to ensure this HA system requirement is
met. This requirement only applies if the device belongs to an HA deployment.
552167
Monitoring / Console
Under high traffic conditions, the following exception messages are displayed in the console:
ata1.00: exception Emask 0x2 SAct 0xfe SErr 0x400000 action 0x2 frozen ata1.00: (spurious
completions during NCQ issue=0x0 SAct=0xfe FIS=005040a1:00000001) ata1.00: cmd
61/30:08:8d:6e:16/00:00:00:00:00/40 tag 1 cdb 0x0 data 24576 out res
50/00:38:a5:70:16/00:00:00:00:00/40 Emask 0x2 (HSM violation)
You can safely ignore these messages.
288824
During upgrade with NSM, the NSM Job Information window displays status information that is not consistent
with the operations occurring on the IDP Series device.
428341
The NSM software version inventory fails to identify a patch version number when you add the IDP Series device
or import a IDP Series device configuration. To work around this issue, you can use the NSM Device Manager to
run an
Adjust OS
operation or use the IDP CLI to run
idp.sh restart
. However, the problem will recur following
add device or import configuration procedures.
438582
The NSM Process Status lists dLogPurger status, which is not a active process in IDP Series devices.
416086
On IDP8200, the
scio idp-cpu-utilization
utility shows an incorrect CPU utilization for idpengine_0.
573995
Logging / Packet Capture
Profiler is unable to capture the OS fingerprint for some destination servers. Reports show “Unknown OS”.
227241,
416708
After system unavailability, the IDP Series device does not send a log that the device has returned to normal
operations.
287179
In NSM log viewer, the strings for log severities for IDP Series devices are inconsistent with other network devices.
For IDP Series devices, strings for severity include
Device_critical_log
and
Device_warning_log
instead of the strings
Critical
and
Warning
that appear for other network devices.
407900
In NSM, packet data cannot be displayed correct for certain malformed IP packets.
415164
17
Copyright © 2011, Juniper Networks, Inc.
Known Issues
