Table 5: Known Issues
(continued)
Description
PR
SNMP: For IDP8200 only, the values reported for the following MIB objects are incorrect:
•
jnxIdpSensorFreePktBuffersFiveSec.0
•
jnxIdpSensorFreePktBuffersOneMin.0
•
jnxIdpSensorPktsRxdPerIntfcTable
•
jnxIdpSensorPktsTxRatePerIntfcTable
•
jnxIdpSensorPktsDropOnAllIntfc.0
•
jnxIdpSensorSignatureStatsTable
•
jnxIdpSensorTopTenSignatureStatsTable
As a workaround, you can use NSM and IDP Reporter top attack reports to see the data for signature matches.
You can log into the CLI and use the
jnetStats
command to retrieve packet buffer and packet transmission
statistics. For example:
[root@defaulthost ~]#
jnetStats
../../jnetLib.c built on Dec 20 2010 at 23:05:51 with PRODUCTION build of SALEEN
-43e.
-- Worker Id 0 Stats:
freePackets: 444032
dropCount: 0
-- Thread Id 0 Stats:
rxPackets: 20846535763
rxBytes: 14757418499789
rxOverflow: 0
rxQueued: 0
txComplete: 18487802326
txCompleteBytes: 14691015670286
allocQueueSize: 1023
txPackets: 18487802326
txBytes: 14692307273740
-- Device Id 0 (eth2) Stats:
Link Status: Down
rxPackets: 0
rxBytes: 0
rxOverflow: 0
txPackets: 0
txBytes: 0
[...]
575772
High Availability
Synchronization from primary device to backup device includes updates to the application identification matches
for predefined signatures (the appsig cache). Updates do not include cached entries for custom applications
or extended applications (the extappsig cache).
550567
Due to a hardware limitation, interface signaling is not supported for IDP8200 10 gigabyte fiber interfaces.
558837
We do not support attack detection (flow-based or packet-based) in synced sessions processed by the standby
device after retransmission on the redundant path. Packets for these sessions are passed through, uninspected.
New sessions traversing the redundant path are inspected.
559087
19
Copyright © 2011, Juniper Networks, Inc.
Known Issues
