■ Getting_Started
■ IDP_Default
■ Recommended
■ Web_Server
■ IDP deployed in both active/active and active/passive chassis clusters has the
following limitations:
  ■ No inspection of sessions that fail over or fail back.
  ■ The IP address action table is not synchronized across nodes.
  ■ The Routing Engine (RE) on the secondary node might not be able to reach
  networks that are reachable only through a Packet Forwarding Engine (PFE).
  ■ The SSL session-ID cache is not synchronized across nodes. If an SSL session
  reuses a session-ID and it happens to be processed on a node other than the
  one on which the session-ID is cached, the SSL session cannot be decrypted
  and will be bypassed for IDP inspection.
■ IDP deployed in active/active chassis clusters has the following limitation:
  ■ For time-binding scope source traffic, if attacks from a source with more
  than one destination have active sessions distributed across nodes, the attack
  might not be detected because time-binding counting has a local-node-only
  view. Detecting this sort of attack requires an RTO synchronization of the
  time-binding state that is not currently supported.
■ On SRX100, SRX210, SRX240, and SRX650 devices, the maximum number of supported
entries in the ACS table is 100,000 entries. However, because the userland buffer
has a fixed size of 1MB, a maximum of 38837 cache entries is displayed.
■ IDP does not allow header checks for nonpacket contexts.
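
The active/active time-binding limitation above, as an added illustration (not Juniper code): a sliding-window counter keyed by source, evaluated once with per-node counters and once with a hypothetical cluster-wide counter. The threshold of 5 matches in 60 seconds, the node names, and the addresses are constructed assumptions.

```python
from collections import defaultdict, deque


class TimeBindingCounter:
    """Counts signature matches per source inside a sliding time window."""

    def __init__(self, count, window):
        self.count = count    # matches required before the attack is reported
        self.window = window  # seconds over which matches are counted
        self.hits = defaultdict(deque)

    def observe(self, ts, src):
        """Record one match; return True once the threshold is reached for src."""
        q = self.hits[src]
        q.append(ts)
        while q and ts - q[0] >= self.window:  # drop matches outside the window
            q.popleft()
        return len(q) >= self.count


def detected_sources(events, count, window, synced):
    """events: (timestamp, node, source, destination) signature matches.

    synced=False models the local-node-only view described above;
    synced=True models a hypothetical counter shared by the whole cluster.
    """
    counters = defaultdict(lambda: TimeBindingCounter(count, window))
    found = set()
    for ts, node, src, _dst in sorted(events):
        key = "cluster" if synced else node
        if counters[key].observe(ts, src):
            found.add(src)
    return found


# Constructed sample: one source, six destinations, sessions split across nodes.
EVENTS = [
    (0, "node0", "192.0.2.10", "198.51.100.1"),
    (2, "node1", "192.0.2.10", "198.51.100.2"),
    (4, "node0", "192.0.2.10", "198.51.100.3"),
    (6, "node1", "192.0.2.10", "198.51.100.4"),
    (8, "node0", "192.0.2.10", "198.51.100.5"),
    (10, "node1", "192.0.2.10", "198.51.100.6"),
]
COUNT, WINDOW = 5, 60  # assumed threshold and window, for illustration only

if __name__ == "__main__":
    print("per-node view:", detected_sources(EVENTS, COUNT, WINDOW, synced=False))
    print("cluster view: ", detected_sources(EVENTS, COUNT, WINDOW, synced=True))
```

Each node sees only three of the six matches, so neither local counter reaches the threshold, while the merged view does.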
J-Web
■ On J Series devices, some J-Web pages for new features (for example, the Quick
Configuration page for the switching features on J Series devices) display content
in one or more modal pop-up windows. In the modal pop-up windows, you can
interact only with the content in the window and not with the rest of the J-Web
page. As a result, online Help is not available when modal pop-up windows are
displayed. You can access the online Help for a feature only by clicking the Help
button on a J-Web page.
■ On SRX Series devices, you cannot use J-Web to configure a VLAN interface for
an IKE gateway. VLAN interfaces are not currently supported for use as IKE
external-interfaces.
Known Limitations in JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services Routers ■ 139