When Q-in-Q tunneling is configured for a service provider’s VLAN, all routing
engine packets, including packets from the routed VLAN interface, that are
transmitted from the customer-facing access port of that VLAN will always be
untagged
Intrusion Detection and Prevention (IDP)
■ The JUNOS Software Security Configuration Guide does not state that custom
attacks and custom attack groups in IDP policies can now be configured and
installed even when a valid license and signature database are not installed on
the device.
■ The JUNOS Software CLI Reference is missing information about the following
IDP policy template commands:
■ Use this command to display the download status of a policy template:
user@host>request security idp security-package download status
Done; Successfully downloaded from
(https://devdb.secteam.juniper.net/xmlexport.cgi).
■ Use this command to display the installation status of a policy template:
user@host>request security idp security-package install status
Done;policy-templates has been successfully updated into internal
repository
(=>/var/db/scripts/commit/templates.xsl)!
■ The ip-action definition on SRX3400, SRX3600, SRX5600, and SRX5800 in the
JUNOS Software Security Configuration Guide on page 504 Table 73 is incorrect.
The correct definition should be as follows: Enables you to implicitly block a
source address to protect the network from future intrusions while permitting
legitimate traffic. You can configure one of the following IP action options in
application-level DDoS: ip-block, ip-close, and ip-notify.
■
The exclude-context-values option in the JUNOS Software Security Configuration
Guide on page 810 Table 101 is missing. The definition for exclude-context-values
should be as follows: Configure a list of common context value patterns that
should be excluded from application-level DDoS detection. For example, if you
have a Web server that receives a high number of HTTP requests on home/landing
page, you can exclude it from application-level DDoS detection.
■ The JUNOS Software CLI Reference and the JUNOS Security Configuration Guide
states that the maximum acceptable range for the timeout (IDP Policy) is 65,535
seconds, whereas the ip-action timeout range has been modified to 0-64800
seconds.
■ The JUNOS Software CLI Reference and the JUNOS Security Configuration Guide
are missing information about the new CLI option download-timeout, which has
been introduced to set security idp security-package automatic download-timeout
< value >, to configure the download timeout in minutes. The default value for
download-timeout is one minute. If download is completed before the
download-timeout, signature is automatically updated after the download. If the
download takes longer than download-timeout, auto signature update is aborted.
170 ■ Errata and Changes in Documentation for JUNOS Release 10.1 for SRX Series Services Gateways and J Series Services
Routers
JUNOS 10.1 Software Release Notes
To Next Page
Loading...
Need help?
General
