2012年9月9日日曜日
いっしゅうううううう「
6.1.0r7 ★Administration ★405317.The device erroneously reports the user was in use by L2TP, but it is not, and prevents editing of the user
6.1.0r7 ★Administration ★412352.Net-buffer leak caused multiple SSH tasks to compete for the same resource and series of dots appeared on the console
6.1.0r7 ★Administration ★432014.The authorized user with read and write privileges was able to issue the set admin password command due to which some user privileges were lost
6.1.0r7 ★Administration ★433456.The original source and destination address were missing from the log to USB flash
6.1.0r7 ★Administration ★445431.After a reboot, local configuration setting such as manage-ip or hostname were lost
6.1.0r7 ★Administration ★456056.An warning message was displayed when the service with more than 16 dst ports was specified
6.1.0r7 ★Administration ★456101.[ISG, NetScreen-5000 ] The port mirror command displayed erroneous Failed command - set mirror port source ethernet4/1 destination ethernet1/1 message on console bootup, even though the command exists in configuration file and was working
6.1.0r7 ★Application Layer Gateway (ALG) ★427463.New SQL, RTSP, H.323, SIP, SCCP connections failed due to an RM group leak
6.1.0r7 ★Application Layer Gateway (ALG) ★432666.The device reboots unexpectedly due to improper handling of RTSP ALG
6.1.0r7 ★Application Layer Gateway (ALG) ★446420.Microsoft WMI control service failed in some scenario
6.1.0r7 ★Application Layer Gateway (ALG) ★447395.MS-RPC ALG mapping sometimes skipped an entry
6.1.0r7 ★Antivirus ★436526.Under certain condition, FTP PASV communication failed in control session when UTM was enabled
6.1.0r7 ★Antivirus ★440546.The antivirus scanning process stuck-up the SMTP sessions if the client was using SMTP DSN (Delivery Status Notification) and the recipient's e-mail address contains word QUIT
6.1.0r7 ★Antivirus ★444440.The firewall might reset if antivirus scanning was turned on for the latest version of AIM service
6.1.0r7 ★Authentication ★393301.During Web authentication, when an ACK packet was received, the firewall erroneously sent out a FIN packet to end the session
6.1.0r7 ★Authentication ★416043.The device does not clear the existing System Information Block (SIB) while the associated radio caused authentication to fail
6.1.0r7 ★Authentication ★429374.Re-authentication for dot1x was not handled as expected
6.1.0r7 ★Authentication ★454779.Authentication fallback to local database failed for trustee administration users
6.1.0r7 ★CLI ★425920.The set smtp drop-virus-infected-email command was not saved into the configuration
6.1.0r7 ★CLI ★432204.After executing the IDP command and on pressing Ctrl+C, the debug data was missing and displaying only the timestamp
6.1.0r7 ★CLI ★435979.[SSG 500] Output of the get chassis command does not include PIM name
6.1.0r7 ★CLI ★447541.[NetScreen-5000 M3] The clear session frag command was not working as expected
6.1.0r7 ★ DI ★410393.Automatic DI Signature update failed when tried to update offline from the local server
6.1.0r7 ★ DI ★439093.Unable to update attack db for worm sigpack
6.1.0r7 ★ DI ★449213.[ISG 1000/2000] Using VSI interface, unable to pass the traffic through back-to-back VPN after IDP was enabled
6.1.0r7 ★DNS ★400824.DNS dynamic cache table does not display correct information
6.1.0r7 ★DNS ★436514.No sanity check for time-to-live on DNS host caused abnormal condition
6.1.0r7 ★DNS ★444576.DNS proxy was case sensitive for Domain Names
6.1.0r7 ★DNS ★447199.The DNS configured on the device using source-interface does not get applied when configured using WebUI
6.1.0r7 ★GPRS ★432267.The MS-timezone GTP Information Element was not removed when set remove-r6 was configured
6.1.0r7 ★GPRS ★437975.When GTP inspection was enabled, occasionally a GTP Echo Response might drop and the message bad state (message) was showed in the log
6.1.0r7 ★GPRS ★438896.With GTP inspection enabled, a CreatePdpResponse that contains a duplicate TEID for the control or data plane was dropped
6.1.0r7 ★HA and NSRP ★422747.[ISG] In Active/Active mode, Fin packet in NSRP data path was not correctly processed when SYN-CHECK was enabled
6.1.0r7 ★HA and NSRP ★424242.When performing an NSRP failover, the route pointed to a different tunnel interface. However, the synchronized session continued to point to the old SA tunnel
6.1.0r7 ★HA and NSRP ★437661.The RIP and OSPF MD5 authentication results in NSRP configuration were not in synchronization
6.1.0r7 ★HA and NSRP ★438794.Backup NSRP firewall lost synchronized OSPF routes
6.1.0r7 ★HA and NSRP ★439450.On certain occasions, the interface flap messages were triggered incorrectly
6.1.0r7 ★HA and NSRP ★447031.Backup device in NSRP cluster received corrupted HA packet and that caused some bits to be processed incorrectly, and the device to reset
6.1.0r7 ★HA and NSRP ★450083.In certain situations, with IPv6 enabled, NSRP data forwarding of IPv4 would have failed
6.1.0r7 ★HA and NSRP ★461079.[NetScreen-5000] The Backup firewall would prematurely remove the sessions on the Master in a VSD-less NSRP cluster and cross-ASIC traffics
6.1.0r7 ★HA and NSRP ★463752.In NSRP Active/Active mode, if tcp syn-check was enabled, could not update the session after the 3-way TCP handshake was completed
6.1.0r7 ★IDP ★427754.IDP engine core dump occurred when invalid memory resources were accessed
6.1.0r7 ★IDP ★428910.Packets re-ordered after IDP inspection with syn-check enabled due to delay in 3 way handshake
6.1.0r7 ★IDP ★431797.Packets were dropped when the TCP Error Reassembler Packet Memory Exhausted signature was enabled
6.1.0r7 ★Management ★401157.Unable to log on to the master device when NSRP failover occurs with IC configured
6.1.0r7 ★Management ★424853.The get config datafile command does not support for Update From Upstream DHCP Client on Int
6.1.0r7 ★interface ★432393.IPv6 policies were not being verified correctly using exec policy verify
6.1.0r7 ★interface ★438684.The set flow mac-cache-mgt command was not working for management of the backup firewall using the Master firewall
6.1.0r7 ★interface ★439271.If Ping was initiated from the firewall and the destination was not reachable, the task CPU was high during the ping
6.1.0r7 ★interface ★439970.Firewall reported wrong H.323 port information in NSM Protocol Distribution
6.1.0r7 ★interface ★440766.NSM Agent caused negative session count in NSM
6.1.0r7 ★interface ★443213.In some scenarios, TFTP control block would be freed in other task that caused crash or stimer list broken
6.1.0r7 ★interface ★447726.Parser error message StreamSetListParser was displayed on NSM while updating the device
6.1.0r7 ★interface ★448761.Unable to set password complexity scheme using NSM
6.1.0r7 ★NAT ★289915.The reserved dip ID is checked incorrectly when a policy was configured with wildcard or group in NSM
6.1.0r7 ★NAT ★403509.DIP leaked when a loopback interface for cross-Vsys was used simultaneously with a loopback group in the destination vsys for outgoing DIP NAT
6.1.0r7 ★NAT ★442461.Service mapping for Sun or MS RPC showed incorrect IP mapping when dst-nat was used
6.1.0r7 ★NAT ★443304.[NetScreen-5000, ISG series] Peer-to-Peer and ichat ALGs were incorrectly enabled on reboot and therefore MSN, Yahoo Messenger and AIM traffic was not processed by ASIC in hardware sessions
6.1.0r7 ★NAT ★This situation could cause high CPU utilization if the traffic load for these services was high
6.1.0r7 ★NAT ★This ALG is not applicable to these platforms and was disabled
6.1.0r7 ★Other ★403895.[ISG 2000] There is no ALG to handle REXEC traffic
6.1.0r7 ★Other ★426875.The device got disconnected from IC, even though the device was receiving CLI commands from the IC
6.1.0r7 ★Other ★427094.Occasionally, the connection between the Catalyst switch and the Copper Gigabit Interface with Manual duplex setting was down
6.1.0r7 ★Other ★429634.Fragmented packets entering the VPN were dropped when the ipsec-dscp-mark environment variable was set to yes
6.1.0r7 ★Other ★430210.The device rebooted unexpectedly when a SQL server with TCP fragments was accessed
6.1.0r7 ★Other ★431675.Defragmentation limit changed to support up to 65535 bytes of IP packet
6.1.0r7 ★Other ★431944.In transparent mode, MPLS pass-through traffic was dropped
6.1.0r7 ★Other ★431994.The DHCP server ignored the broadcast bit in DHCPDISCOVER
6.1.0r7 ★Other ★432190.[NetScreen-5000 M3] VLAN re-tag does not work properly with 10 Gig interfaces
6.1.0r7 ★Other ★433329.Websense failed due to incorrect session flag for URL_BLOCK and the debug message "Unknow message type: 8e" appeared in debug flow basic
6.1.0r7 ★Other ★434988.The device rebooted due to IPSec pass-through traffic
6.1.0r7 ★Other ★435161.The get led command showed wrong LED power status
6.1.0r7 ★Other ★435348.[SSG 5/20, SSG 140, SSG 500] Firewall would reset due to an exception dump before the bootup process
6.1.0r7 ★Other ★436214.The device rebooted while running in a high memory condition
6.1.0r7 ★Other ★436622.[SSG 140] The alarm LED did not turn red when large ICMP was detected
6.1.0r7 ★Other ★437101.Unable to renew certificate using SCEP with samekey option
6.1.0r7 ★Other ★437164.Interface flapping occurred on some versions of NS-ISG-SX2 card
6.1.0r7 ★Other ★437660.Firewall rebooted due to MGCP traffic
6.1.0r7 ★Other ★438488.The firewall would reboot during the certificate validation process if the certificate was used for IPsec peer authentication and PKI source interface was not defined
6.1.0r7 ★Other ★439211.The pause frames sent from a switch on 4 port FE PIM card would erroneously be detected as in misc
6.1.0r7 ★Other ★440103.The device reboots when an IP-Classification of an unused zone was deleted
6.1.0r7 ★Other ★440113.IPv6 Neighbor solicitation messages from source "::" were dropped by IP Spoofing
6.1.0r7 ★Other ★441723.The firewall did not sent the TCP RST for the traffic that matched IPv6 REJECT policies
6.1.0r7 ★Other ★442251.The device reboots due to keepalive sent between firewall and Infranet Controller
6.1.0r7 ★Other ★445511.The device was unstable and a net-pak leak occurred when an internal flag was changed abnormally
6.1.0r7 ★Other ★448711.The device reboots as the antivirus task exists when accessed an invalid address
6.1.0r7 ★Other ★449801.VRRP Traffic did not appear in self-log
6.1.0r7 ★Other ★450141.[SSG 500] The FCB timeout can be set from 1 to 300 seconds using the set fragage command
6.1.0r7 ★Other ★450681.System instability would result in ScreenOS if the DHCP client on the firewall interface value was Null
6.1.0r7 ★Other ★450819.[ISG] Interface does not get updated with new MTU value when Jumbo frame was enabled
6.1.0r7 ★Other ★456237.Unable to handle the EPSV command in the firewall
6.1.0r7 ★Other ★458280.In Configuration > Report Settings > Log Settings, the USB link redirects the user to wrong page
6.1.0r7 ★Other ★462783.Under certain conditions, sessions with timeout of 0 or 1 were never aged out of the firewall
6.1.0r7 ★Performance ★429821.TCP 3-way handshake packets were randomly dropped due to a problem in TCP SYN-check feature
6.1.0r7 ★Performance ★443567.When the FTP activity through the firewall was high, the backup firewall in the NSRP cluster would go high in CPU
6.1.0r7 ★Routing ★416966.When a route was displayed by get route command some of the flags were not freed, and the firewall rebooted
6.1.0r7 ★Routing ★The route was frequently added and deleted by changing dynamic routing
6.1.0r7 ★Routing ★427872.When OSPF demand was enabled or disabled, the SPF database was not in synchronization
6.1.0r7 ★Routing ★429461.For the default route, access-list 0.0.0.0/32 could be configured incorrectly instead of 0.0.0.0/0
6.1.0r7 ★Routing ★430932.Secondary VPN Tunnel configured with point to multi-point OSPF stopped in ExStart
6.1.0r7 ★Routing ★433904.The OSPF route update failed due to wrong cost value used for external type 2 routes
6.1.0r7 ★Routing ★437283.The NSRP route synchronization failed if the master device’s next hop was a virtual router
6.1.0r7 ★Routing ★439759.Firewall would reboot, when an access-list that is tied to a RP configuration for multicast was unset
6.1.0r7 ★Routing ★442034.Status change of tunnel or VSI interface should be handled for route advertisement
6.1.0r7 ★Security ★433848.Synchronization of flood source and destination threshold failed with IPv6 traffic
6.1.0r7 ★VoIP ★420306.H.323 Avaya VoIP calls failed due to an ASN.1 decoding error
6.1.0r7 ★VoIP ★431762.During an upgrade to ScreenOS 6.1.0r5, MGCP-related messages were displayed on the console
6.1.0r7 ★VoIP ★431830.SIP communications failed as the RPORT parameter was not taken into consideration in the ALG
6.1.0r7 ★VoIP ★442660.VoIP calls using SIP failed randomly due to incorrect format of INVITE message
6.1.0r7 ★VoIP ★443259.SIP ALG cannot parse the quoted boundary in content-type:multipart
6.1.0r7 ★VoIP ★For example, content-type: multipart/mixed;boundary="boundary3"
6.1.0r7 ★VoIP ★443828.H323 phone did not function because of H323 ALG mishandling
6.1.0r7 ★VPN ★430028.The device rebooted when SCEP auto renewal of the same key was performed
6.1.0r7 ★VPN ★432400.The IKE/IPSec pass-through ALG did not work when the loopback interface was used as source for NAT
6.1.0r7 ★VPN ★433589.Global settings for IKE timers were not propagated to individual IKE gateways
6.1.0r7 ★VPN ★439332.[SSG 5, SSG 20] VPN using AES-SHA dropped unexpectedly due to a hardware specific cache problem
6.1.0r7 ★VPN ★442719.Unable to configure a C Class Broadcast IP address for the IKE Gateway address
6.1.0r7 ★VPN ★451210.VPN traffic failed when IPv6 was enabled in an NSRP Active/Active mode with NSRP Data Forwarding enabled
6.1.0r7 ★ WebUI ★418815.In WebUI, editing a multi-cell policy gave unexpected results
6.1.0r7 ★ WebUI ★444967.The WebUI erroneously allowed options to configure VIP in non-root VSYS on a non-shared zone that was not supported
6.1.0r7 ★ WebUI ★This option was removed from the WebUI
6.1.0r7 ★ WebUI ★453298.Advanced Policy Settings could not be configured using WebUI
6.1.0r7 ★ WebUI ★446866.Global settings for IKE timers were not propagated to individual IKE gateways
6.1.0r6 ★Administration ★202421.After a reboot, the unset admin hw-reset command was not saved
6.1.0r6 ★Administration ★309090.The SSH session dropped due to Cygwin OpenSSH client having active setting
6.1.0r6 ★Administration ★403134.RFC MIB for ifAliasm FW returned an empty space character (“ ”), instead of a null string
6.1.0r6 ★Administration ★403310.A URL category name with string “BL” could not be removed
6.1.0r6 ★Administration ★412072.After the “Ctrl+C” and “Ctrl+Z” actions, some event log entries were blank
6.1.0r6 ★Administration ★414839.The policy logs in the syslog did not show the correct FTP data that was sent or received
6.1.0r6 ★Administration ★416873.After a reboot, some event log entries were not recorded in the syslog file, when the syslog was configured using UDP
6.1.0r6 ★Administration ★416915.Incorrect metrics were returned when queried for the SNMP MIB variable NsVrOspfIfMetricEntry
6.1.0r6 ★Administration ★418197.The traffic logs sent using e-mail reported an incorrect port number
6.1.0r6 ★Administration ★420873.The forbidden command unset int tun.1 zone could not be executed The command is removed from the CLI
6.1.0r6 ★Administration ★421033.The forbidden command unset int tun.1 zone could not be executed The command is removed from the CLI
6.1.0r6 ★Administration ★428631.In the Transparent mode, bandwidth option for interfaces in layer 2 zones were missing
6.1.0r6 ★Administration ★428795.The ADSL interface showed incorrect physical downstream bandwidth
6.1.0r6 ★Administration ★429883.The MSS-based sockets were changed on the new accepted socket
6.1.0r6 ★ Antivirus ★402935.The system failed when the Antivirus module issues floated point instruction
6.1.0r6 ★Authentication ★424606.Firewall was not able to connect to Infranet Controller (IC) when the IC name instance was configured instead of Internet Explorer (IP)
6.1.0r6 ★DHCP ★422196.The device was unable to obtain the DHCP address as the device used the wrong option in the offer packet
6.1.0r6 ★DI ★408269.The Deep Inspection (DI) database failed to update due to a memory leakage introduced in the DI update process
6.1.0r6 ★DI ★426280.The attack db rollback command did not work on some platforms
6.1.0r6 ★DI ★For the other platforms, the result of the command was logged as either successful or failed in event log
6.1.0r6 ★GPRS ★417630.When GTP inspection was enabled, the CrPdpResponse packet was not inspected when SGSN used a high source port and the GGSN used GTP pooling
6.1.0r6 ★GPRS ★420613.When GTP inspection was enabled, ICMP Destination Unreachable packets of the GTP session were dropped
6.1.0r6 ★GPRS ★422979.When GTP inspection was enabled, occasionally a DeletePdpResponse or EchoResponse dropped and the message “non-existent gsn” appeared in the log
6.1.0r6 ★GPRS ★426075.With GTP inspection enabled, a CreatePdpRequest that contains a duplicate TEID for the control or data plane was dropped
6.1.0r6 ★HA and NSRP ★285992.The output of the exec nsrp sync global-config save command was not sent to the debug buffer get db stream
6.1.0r6 ★HA and NSRP ★402911.In Transparent mode, under a high traffic load, a multicast traffic leaked on the secondary device
6.1.0r6 ★HA and NSRP ★404981.When the DHCP server mode was set to “auto” in the NSRP cluster, the standby box transmitted DHCP discover when a corresponding interface was active
6.1.0r6 ★HA and NSRP ★This packet caused a traffic interruption by confusing the MAC table connection to the L2 switch
6.1.0r6 ★HA and NSRP ★408567.With the method “arp”, Track IP failure time was longer than the configured “interval” and “threshold”
6.1.0r6 ★HA and NSRP ★423780.When high availability (HA) synchronization was blocked internally, the firewall would reboot multiple times
6.1.0r6 ★IDP ★408401.[ISG 1000/2000] The device failed due to access to a null pointer when both the NSRP and IDP features were used
6.1.0r6 ★IDP ★415094.[ISG-IDP] IDP engine core dump occurred due to buffer overrun condition
6.1.0r6 ★Management ★392249.The SNMP read-only queries returned read-write strings
6.1.0r6 ★Management ★394595.New policy would not take effect if managed using the NSM and CLI
6.1.0r6 ★Management ★398568.The SNMP query of MIB the object vrRouted in NETSCREEN-VR-MIB returned an IP address instead of an integer
6.1.0r6 ★Management ★400183.When unnumbered tunnel interfaces were used in a route-based VPN, the nsVrOspfIfIpAddress could not be queried
6.1.0r6 ★Management ★411075.If the hash value for the SSL certificate used for https management starts with a zero, the delta configuration from the NSM would occasionally report configuration difference between the device and the NSM
6.1.0r6 ★Management ★411209.NSM get config datafile was not in synchronization with the firewall get config saved due to the route table next hop
6.1.0r6 ★Management ★411492.When users saved the traffic log of the policy using WebUI, the “Close Reason” did not appear in the log data
6.1.0r6 ★Management ★411862.The get config datafile that included radius attribute “calling-station-id”, caused NSM synchronization problem with the firewall configuration
6.1.0r6 ★Management ★414778.[SSG-5, SSG-20] The access to a bgroup0 interface manage-IP failed when bgroup0 interface had a new port binding
6.1.0r6 ★Management ★415871.When the get config datafile command was issued, a trace dump appeared on the console preventing NSM import
6.1.0r6 ★NAT ★412278.The internal algorithm used to allocate resources for interface NAT (Pport) did not allocate the resources evenly
6.1.0r6 ★NAT ★419638.The RTSP ALG failed to allocate an RTSP cookie due to a memory leak
6.1.0r6 ★NAT ★427480.NAT DST failed when IP was included in an existing DIP pool
6.1.0r6 ★ Other ★257164.URL filtering using Websense failed as the source and destination addresses in the Websense packet were reversed on the SSG platform
6.1.0r6 ★ Other ★305815.The fragmented ICMP packets that were out-of-order were dropped
6.1.0r6 ★ Other ★307357.[SSG 300M-Series] The status of fan in get chassis was not accurate
6.1.0r6 ★ Other ★310021.The IGMPv3 report packet was delayed when the state of the host interface changed
6.1.0r6 ★ Other ★314819.The device failed if VPN traffic was asymmetrically routed using a self interface
6.1.0r6 ★ Other ★314846.DIP sticky could not use DIP pools that had sizes greater than one half of the maximum size of the device
6.1.0r6 ★ Other ★389098.Unexpected results were displayed when the AIM module considered IPv6 addresses as IPv4 addresses
6.1.0r6 ★ Other ★389786.The “no arp entry” counter was not displayed in the get counter stat output
6.1.0r6 ★ Other ★392208.The flow CPU value increased as a result of packet looping
6.1.0r6 ★ Other ★394959.The device unexpectedly rebooted due to a failure in the memory allocation
6.1.0r6 ★ Other ★395323.The device was reset when a malformed VPN packet with a destination address as multicast, unexpectedly went through a high availability interface
6.1.0r6 ★ Other ★395341.The device would occasionally fail when RPC traffic was handled
6.1.0r6 ★ Other ★398117.HTTP Redirect to an Infranet Controller failed when the client used an HTTP proxy
6.1.0r6 ★ Other ★402228.When UDP flood protection reached the threshold, the firewall leaked one extra UDP packet
6.1.0r6 ★ Other ★402919.Under a high traffic load, the interface counter on the ASIC platform was not accurate
6.1.0r6 ★ Other ★403350.In some situations, NSM was not able to update the policy on the device and the device reported the “invalid dip id 2” error
6.1.0r6 ★ Other ★404582.The RTCP packets did not prevent the RTSP session from timing out
6.1.0r6 ★ Other ★405788.The PPTP ALG caused the firewall to reset
6.1.0r6 ★ Other ★406336.The device rebooted due to an internal error when an NTP task was processed
6.1.0r6 ★ Other ★406495.Invalid entries related to the “bgp snmp” were logged and displayed by the get log sys command
6.1.0r6 ★ Other ★407396.The DIP table erroneously showed 100% utilization, even though there were DIP resources available
6.1.0r6 ★ Other ★407881.Some RTSP traffic failed when connected to an odd numbered RTP port
6.1.0r6 ★ Other ★408134.The device was reset unexpectedly when an HTTP session was released while receiving a response from the Websense server
6.1.0r6 ★ Other ★408158.The device was reset due to a corrupted ASIC session pointer
6.1.0r6 ★ Other ★408184.When scripts with CLI commands using more stack space were run, the device automatically rebooted
6.1.0r6 ★ Other ★410010.Removing a VSI or subinterface from a bridge group removed the entire bridge group configuration
6.1.0r6 ★ Other ★411770.When a L2TP packet was received, the dump data was erroneously sent to dbuf
6.1.0r6 ★ Other ★412156.The firewall did not accept Gratuitous ARP requests when the “arp nat-dst” option was set
6.1.0r6 ★ Other ★412160.[NetScreen-5000] VPN fragmented traffic for cross-ASIC sessions was dropped
6.1.0r6 ★ Other ★413443.When the firewall issued multiple pings, there was a delay in response
6.1.0r6 ★ Other ★413449.In certain situations, an edit duplicated the VPN policy caused a system crash
6.1.0r6 ★ Other ★413775.[ISG] The set sat sess-close [0|1] command did not function as expected
6.1.0r6 ★ Other ★414357.After a certain time, TCP socket leak caused loss to the management access as a result, the CLI output for the get tcp socket showed sockets in “close” or “closing” state
6.1.0r6 ★ Other ★416573.When the debug command was run, the redundant debug information was removed
6.1.0r6 ★ Other ★419654.[NetScreen-5000] Fragmented packets of cross-chip ASIC VPN traffic were dropped
6.1.0r6 ★ Other ★420541.The number of spaces in the syslog message was inconsistent
6.1.0r6 ★ Other ★420676.When a FTP client sent data, the PASV FTP client was unable to open a gate
6.1.0r6 ★ Other ★421293.[SSG-5, SSG-20] An interface failover or fallback did not occur when multi-link interfaces were used
6.1.0r6 ★ Other ★422068.Clearing the authentication table entry based on the IP cleared the entire authentication table
6.1.0r6 ★ Other ★422340.The Webauth redirection failed when the HTTP request HOST-LINE was split to two packets
6.1.0r6 ★ Other ★422710.In Transparent mode, when the manage-IP address differs from that of the VLAN1 IP address, only the VLAN1-IP address was pinged
6.1.0r6 ★ Other ★The ping did not include the manage-IP address
6.1.0r6 ★ Other ★423471.[NetScreen-5000, ISG] In certain situations, session in Transparent mode never aged out
6.1.0r6 ★ Other ★423540.When loopback function was checked, the device rebooted due to incorrect status of outgoing interface
6.1.0r6 ★ Other ★424182.The CPU did not decrement the TCP RST packet ttl, resulting in an infinite loop
6.1.0r6 ★ Other ★424649.Multicast fragmented traffic was unnecessarily merged and dropped on the firewall
6.1.0r6 ★ Other ★425461.When Webauth was enabled on the firewall and the user was redirected to a framed Web page, Internet Explorer (IE) 7.0 went into a loop if pop-ups were disabled
6.1.0r6 ★ Other ★425564.The second ISDN channel status was not set to UP
6.1.0r6 ★ Other ★427467.[SSG 140] The device rebooted unexpectedly due to ARP traffic across bgroup interfaces
6.1.0r6 ★ Other ★427730.[NetScreen-5000 MGT3] In Transparent mode, cross-ASIC TCP traffic using a VLAN tag was dropped
6.1.0r6 ★ Other ★431212.In Transparent mode, the device rebooted because the VLAN interface did not have a backup
6.1.0r6 ★Performance ★394094.On an ISG platform with Jumbo frame support enabled, only one FIFO channel was enabled instead of two FIFO channels
6.1.0r6 ★Performance ★405001.[NetScreen-5000, ISG] UDP fragments dropped due to malfunction in the ASIC chip (PPUC)
6.1.0r6 ★Performance ★417766.Interface bandwidth to multiple tunnel interfaces could not be configured
6.1.0r6 ★Performance ★417872.Traffic did not pass due to a problem in handling the ESP-Null packet in ASIC
6.1.0r6 ★Routing ★268031.The number of OSPF routes were unexpectedly reduced as a result of an internal function failure
6.1.0r6 ★Routing ★402531.The IGMP session was refreshed unexpectedly when the IGMP proxy shared the same mroute with a static mroute
6.1.0r6 ★Routing ★404458.The device rebooted when an invalid BGP origin attribute was received
6.1.0r6 ★Routing ★416416.The access list was enforced in the Policy-based routing after it was deleted
6.1.0r6 ★Routing ★417320.When an attempt was made to initialize a type 7 LSA, some OSPF routes were lost
6.1.0r6 ★Routing ★418152.Gateway tracking in the Vsys created duplicate routing entries
6.1.0r6 ★Routing ★425573.When the device restarted, the OSPF demand-circuit or reduce flooding caused partial loss of the routing table
6.1.0r6 ★Security ★410696.For the account-type 802.1X, the auth-server src-interface traffic was originated as “self” instead of the specified interface
6.1.0r6 ★Security ★413037.The firewall considered the link-local IPv6 address of the peer as IP spoofing
6.1.0r6 ★Security ★464534.CVE-2008-5077 OpenSSL incorrect checks for malformed signatures were addressed
6.1.0r6 ★ VoIP ★297158.The device was reset unexpectedly as the endpoint deletion was not handled properly with MGCP
6.1.0r6 ★ VoIP ★393140.When the SIP ALG was disabled, the device resets unexpectedly with heavy SIP traffic
6.1.0r6 ★ VoIP ★406871.An MGCP ALG call transfer did not work as expected
6.1.0r6 ★ VoIP ★410097.When a SIP register request was processed, the device rebooted due to an internal error
6.1.0r6 ★ VoIP ★421768.When the H323 ALG was enabled, the H323 RAS admissionConfirm packets were dropped
6.1.0r6 ★VPN ★304277.If there was heavy IPSec traffic, the ISG firewall would drop packets incorrectly
6.1.0r6 ★VPN ★395312.When Baltimore Unitrust CA was used, the PKI negotiation using the SCEP failed
6.1.0r6 ★VPN ★397917.In Transparent mode, the device was reset when a tunnel packet with an incorrect destination MAC address was received
6.1.0r6 ★VPN ★403260.The proxy-ID in a dial-up VPN did not match with multiple VPN policies
6.1.0r6 ★VPN ★411673.DH keys triggered a firewall crash
6.1.0r6 ★VPN ★422327.[SSG] The IPv4 address was set incorrectly in an IPv6-in-IPv4 tunnel
6.1.0r6 ★WebUI ★400895.The outgoing interface of proxy DNS could not be modified
6.1.0r6 ★WebUI ★403443.Gateway Tracking could not be configured using the WebUI
6.1.0r6 ★WebUI ★405079.High CPU utilization and packet loss resulted when an object was unset from a multi-cell policy using a software policy search
6.1.0r6 ★WebUI ★409068.In the Security menu, an IP address port field could not be set in the proxy settings
6.1.0r6 ★WebUI ★413447.The proxy settings for a DI Attack Signature update was not displayed as expected
6.1.0r6 ★WebUI ★414310.In event log entries, for “logged out” of Web (http, https) management, both the src.port and dst.port were incorrect
6.1.0r6 ★WebUI ★416971.[SSG-5, SSG-20] The output for the get chassis command was missing when the “get tech” command was issued from the WebUI
6.1.0r6 ★WebUI ★424074.The DNS Proxy checkbox on the loopback interface was removed from the WebUI
6.1.0r6 ★WebUI ★425929.The ScreenOS CLI allowed the creation of a policy with DSCP-marking enabled and no DSCP value defined
6.1.0r6 ★WebUI ★However, when the policy was created using WebUI, a DSCP value had to be set
6.1.0r5 ★Administration ★223845.An interface assignment to a zone cannot be changed when the traffic-shaping is enabled
6.1.0r5 ★Administration ★255412.[SSG 500] Unable to upgrade bootloader remotely
6.1.0r5 ★Administration ★The save boot from tftp <ipaddress> <filename> to <destination> command allows the administrator to upgrade the bootloader remotely using tftp
6.1.0r5 ★Administration ★306796.An incorrect "Anti-spam is detached from policy" message is generated when the policy is created or edited using the WebUI
6.1.0r5 ★Administration ★309023.Unable to manage the device using OpenSSH 5.1p1
6.1.0r5 ★Administration ★314252.[SSG] Onboard interfaces on a SSG firewall might randomly show half-duplex, even after manually configured as 100 MB/Full
6.1.0r5 ★Administration ★387163.Admin login fails when crossing Vsys
6.1.0r5 ★Administration ★388689.TACACS authentication does not send auth-server connect_origin field
6.1.0r5 ★Administration ★390553.OSPF MD5 authentication password shows up in event logs in clear text
6.1.0r5 ★Administration ★392254.The WebUI idle timeout cannot be changed when using external Auth server with Auth admin users
6.1.0r5 ★Administration ★395477.Device does not authenticate to backup external authentication server
6.1.0r5 ★Administration ★398432.For the type TACACS, "auth-server scr-interface" does not work and takes the IP address of the outgoing interface instead of the configured scr-interface
6.1.0r5 ★Antivirus ★299978.Antivirus scanning of MSN Instant Messaging might cause task CPU high
6.1.0r5 ★CLI ★392417.The command set tag <number> under Vsys gets configured incorrectly
6.1.0r5 ★DNS ★308106.The device might reset when the DNSA task is not processed on time
6.1.0r5 ★DNS ★391177.Task CPU might go high due to DNS when an address book entry is modified from one domain name to another domain name
6.1.0r5 ★ HA and NSRP ★251324.Primary and backup interface keeps flapping after track-ip has failed until the firewall is rebooted
6.1.0r5 ★ HA and NSRP ★295846.The device in an NSRP cluster resets when the device is trying to update and resolve the DNS entry
6.1.0r5 ★ HA and NSRP ★302374.The CLI command unset admin hw-reset causes out of sync state between the NSRP cluster members
6.1.0r5 ★ HA and NSRP ★307921.[ISG] Under heavy load, both members of the NSRP HA cluster might become Master
6.1.0r5 ★ HA and NSRP ★312711.The device resets due to malformed IKE P1 NSRP RTO object
6.1.0r5 ★ HA and NSRP ★389357.NSRP configurations went out of synchronization due to Vsys profile configurations
6.1.0r5 ★ HA and NSRP ★389495.In Transparent mode, the management traffic to backup firewall, which passes through the master firewall might cause packet loop
6.1.0r5 ★ HA and NSRP ★401403.A change in the NSRP VSD group init hold time is not saved to the flash. Hence, the configuration is not retained after reboot
6.1.0r5 ★Management ★266093.Unable to manage the custom URL category within the custom Vsys
6.1.0r5 ★Management ★309253.Unable to ping the interface IP from inside device when the interface IP and manage-IP are different
6.1.0r5 ★Management ★309587.When the SSH is enabled in a large number of Vsys in a short time, the Task CPU becomes high for a long time and management of the device might be lost
6.1.0r5 ★Management ★310298.When an interface inside a virtual system (Vsys) is configured to be NTP server, the NTP-server configuration line is incorrectly placed in the root Vsys configuration
6.1.0r5 ★Management ★313417.When the command exec policy verify is executed on any SSG platforms, the policy verification fails
6.1.0r5 ★Management ★387338.When the SSH from an HP-UX client to the firewall fails, the task CPU becomes high
6.1.0r5 ★Management ★391304.The duration of time reported by policy traffic logs is shorter than the actual time duration
6.1.0r5 ★Management ★391755.Device loses connectivity to NSM for every 8 minutes
6.1.0r5 ★Management ★394878.Hardware counters are not collected correctly
6.1.0r5 ★ NAT ★303836.Device does not translate ICMP sequence number properly when receiving ICMP echo response if both original ICMP ID and sequence number are 0
6.1.0r5 ★ NAT ★308572.Pinging a DIP IP address results in routing loop with upstream device
6.1.0r5 ★ NAT ★311682.Packet drops due to DIP allocation failure when the policy is modified from fix-port to non fix-port
6.1.0r5 ★ NAT ★311907.When the CCRQ message is sent from server side, the PPTP session closes and the child GRE sessions are not cleared
6.1.0r5 ★ NAT ★389221.PPTP ALG does not clear xlate table when PPTP connection fails from the client
6.1.0r5 ★Other ★277712.When using snoop command, “ip6hdr_info_extract: extract failed” messages are filling up the debug buffer
6.1.0r5 ★Other ★288649.[ISG, NetScreen-5000] Internal buffer leak causes some traffic drop
6.1.0r5 ★Other ★292941.Counter Statistics for the bgroup interface does not correctly reflect the amount of traffic passing through the interface
6.1.0r5 ★Other ★301623.The integrated URL filtering does not work if the HTTP request header "hostname" includes port number
6.1.0r5 ★Other ★303202.Device might reset due to long loop in one of the RTSP ALG's internal buffer
6.1.0r5 ★Other ★304208.The device might reset when the illegal memory is accessed
6.1.0r5 ★Other ★306168.After the Web Authentication with a "&" in the URL, the "&" character is removed by the firewall
6.1.0r5 ★Other ★307814.The HTTP 302 redirect fails to send out when the UAC authentication is stuck in pending status
6.1.0r5 ★Other ★308408.The ICMP flood protection option in the Screen feature allows one packet more than the configured threshold
6.1.0r5 ★Other ★309001.[SSG 500] Interface link might go down intermittently causing some packet drops
6.1.0r5 ★Other ★309168.Device displays the erroneous messages regarding the connectivity status of the Juniper 1GE LX Optics SFP transceiver
6.1.0r5 ★Other ★309986.The event "DHCP server IP address pool changed" is generated when the IP address of the untrust is changed
6.1.0r5 ★Other ★310435.When installing the policy tree, access of an illegal memory might cause the firewall to fail
6.1.0r5 ★Other ★310566.With SSG5 (Country code of TELEC), Extended Channel might be disabled after reset
6.1.0r5 ★Other ★311743.Duplicate message is displayed when the configuration is saved using the WebUI
6.1.0r5 ★Other ★312442.Under certain conditions, the packet might gets dropped for RSG traffic, as the child session is aged out when its parent is closed
6.1.0r5 ★Other ★313379.The firewall does not accept an infranet auth table entry when it contains '\o' as a part of the user name
6.1.0r5 ★Other ★314353.[NetScreen-5000 M3] IPv6 does not pass through in transparent mode unless the IPv6 envar is enabled
6.1.0r5 ★Other ★314402.The tranceivers JX-SFP-1GE-T with the part number 740-013111 always show link up even when the cable is disconnected
6.1.0r5 ★Other ★315248.Wireless interface cannot initialize when scheduler is enabled in config
6.1.0r5 ★Other ★387143.The alarm LED is cleared automatically without issuing the "clear led alarm" command
6.1.0r5 ★Other ★387902.When the UAC changes its MTU, the SSL task accesses a closed null socket pointer and the device resets
6.1.0r5 ★Other ★390285.When the attempt to remove an individual filter from the eight snoop filters is unsuccessful, the error message “Max snoop filter number reached” is displayed
6.1.0r5 ★Other ★391558.Under certain conditions, for the same packet, the interface flow counters might increment twice and the hardware counter might increment once
6.1.0r5 ★Other ★392411.The BRI interface configured as backup does not come up when primary interface is down
6.1.0r5 ★Other ★392767.The device might reset when SYN attack is sent using either subinterface in route mode or VLAN trunk configured in transparent mode
6.1.0r5 ★Other ★395279.Execution of the command exec policy verify holds on to the CPU for long time This causes device to reboot
6.1.0r5 ★Other ★395491.Web task goes high when receiving the wrong rcv_window condition This causes high CPU on the device
6.1.0r5 ★Other ★396878.The "auth-server src-interface" traffic is originated as "self" instead of the specified interface
6.1.0r5 ★Other ★397423.Traffic fails when there is a duplex mismatch between firewall and some switches
6.1.0r5 ★Other ★399247.The set alarm snapshot CPU trigger command does not produce an output in the get alarm snapshot CPU all command
6.1.0r5 ★Other ★401773.ISG chassis might have problems detecting some of the mini-GBIC interface status when under heavy traffic
6.1.0r5 ★Other ★417286.[NetScreen.5000, ISG series] Data corruption might cause ASIC chip to get stuck and stop forwarding traffic
6.1.0r5 ★ Performance ★297405.Inter-Vsys traffic gets dropped unless it goes through an ALG or is ICMP
6.1.0r5 ★ Performance ★299621.Task CPU runs high once for every other second
6.1.0r5 ★ Performance ★313904.[NetScreen-5000 MGT3] Packet is dropped due to internal congestion control mechanism
6.1.0r5 ★ Performance ★314096.Heavy H.323 traffic might cause device to reset due to a null pointer accessing
6.1.0r5 ★ Performance ★315217.[NetScreen.5000-2XGE/2XGE-G4] The hardware sessions that are not load balanced in FPGA on backup device cause performance drop after failover
6.1.0r5 ★ Performance ★386698.Syslog causes more miscellaneous error and discard packets that causes packet drops
6.1.0r5 ★Routing ★256473.Traceroute across an intrazone route based VPN fails
6.1.0r5 ★Routing ★277755.High CPU in task when deleting more than 30 RIP routes
6.1.0r5 ★Routing ★312513.When the RIP demand-circuit is used on a tunnel interface, the RIP neighbors are lost after NSRP failover W/A: Configure the RIP neighbors statically
6.1.0r5 ★Routing ★312623.Firewall calculates an incorrect checksum for PIM register packets
6.1.0r5 ★Routing ★389669.Firewall fails to announce BGP network prefix if the same is configured as BGP aggregate route
6.1.0r5 ★Routing ★394777.Device incorrectly allows the configuration of PBR next-hop of 0.0.0.0 with no interface specified
6.1.0r5 ★Routing ★395594.PBR entry ID greater than 128 does not take effect
6.1.0r5 ★Routing ★398075.When connected networks are redistributed into RIPng, the advertised address contains the host part instead of subnet only
6.1.0r5 ★Routing ★398277.OSPF adjacencies were lost due to an FPGA error
6.1.0r5 ★Routing ★398950.End of DST (Daylight Savings Time) caused OSPF to flap
6.1.0r5 ★Routing ★400333.Device reboots due to an invalid pointer when clearing mroute object
6.1.0r5 ★VoIP ★276513.SIP application error, “Due to stack unable to handle empty display name”
6.1.0r5 ★VoIP ★309859.PPORT paired ports were not released completely after an Avaya H.323 phone call was completed
6.1.0r5 ★VoIP ★310081.Device changes remote IP address within SCCP payload, causes a silent listener of an agent's call to fail
6.1.0r5 ★VoIP ★313085.In some scenarios, SIP cancel messages fail through the firewall
6.1.0r5 ★VoIP ★393342.SIP ALG complaining about "policy not found" might result high CPU
6.1.0r5 ★VoIP ★394454.Device might reset due to SIP ALG complaining about "policy not found"
6.1.0r5 ★VoIP ★405078.Device resets due to SIP ALG doing an extra NAT translation
6.1.0r5 ★VPN ★305067.Device incorrectly decrypts the VPN packet with certain TTL value
6.1.0r5 ★VPN ★308404.PPTP connections are aged out prematurely
6.1.0r5 ★VPN ★309216.In some scenarios, CRL renewal process fails when renewing CRL on the last or first day of the month
6.1.0r5 ★VPN ★387544.When peer_entry for ID payload is checked, then the nat_traversal VPN fails to establish the VPN
6.1.0r5 ★VPN ★This is due to usage of wrong logic
6.1.0r5 ★VPN ★389414.Under a certain condition, decryption for incoming VPN packets fails
6.1.0r5 ★VPN ★This is due to incomplete incoming key installation when the commit bit is enabled
6.1.0r5 ★VPN ★395216.Fragmented packets of cross-chip ASIC VPN traffic are dropped
6.1.0r5 ★WebUI ★307314.The WebUI does not accept zero value for ISDN interface "load-threshold" setting
6.1.0r5 ★WebUI ★309725.The WebUI displays incorrect value of DNS cache TTL
6.1.0r5 ★WebUI ★311759.Using the WebUI, unable to configure traffic shaping parameters, PBW, and GBW
6.1.0r5 ★WebUI ★313278.When connected through SSL VPN proxy, unable to manage the firewall using WebUI
6.1.0r5 ★WebUI ★408978.Unable to unset the address in a multi-cell policy from WebUI
6.1.0r4 ★Administration ★283897.Instead of null, the SNMP counters for multilink interfaces are zero
6.1.0r4 ★Administration ★292227.The SSG 140 device does not load the operating system after a restart
6.1.0r4 ★Administration ★293248.Information of both source port and destination port in an event log entry for WebUI access is not correct
6.1.0r4 ★Administration ★298873.When the Application ignore is configured on a policy, then the group service cannot be added
6.1.0r4 ★Administration ★299024.If the connection to the IC module breaks and if the IC module is configured with a DNS entry, then the DNS entry is updated
6.1.0r4 ★Administration ★299556.The event log does not log service timeout modification as a configuration change
6.1.0r4 ★Administration ★300282.When a policy is disabled, then the traffic shaping parameters of that policy are lost
6.1.0r4 ★Administration ★306719.On authentication, the additional group information does not get propagated to the backup device if the device is tied to multiple groups
6.1.0r4 ★Antivirus ★286714.In some cases, the Antivirus pattern files are missing and the new file is not downloaded
6.1.0r4 ★Antivirus ★The scan engine reports a File Not Found message
6.1.0r4 ★Antivirus ★293490.In a web proxy environment when the antivirus is enabled, then the event log prints the url twice
6.1.0r4 ★Antivirus ★295023.The device fails when the non-written memory page is freed up and the AV is enabled
6.1.0r4 ★Antivirus ★305062.The policy log for traffic matched by antivirus displays double the actual byte size received
6.1.0r4 ★DHCP ★282543.In certain situations, the device is unable to send a DHCP client request
6.1.0r4 ★DHCP ★292152.Device resets unexpectedly after configuring DHCP auto-config
6.1.0r4 ★DHCP ★305504.In transparent mode, the CLI set zone <name> no-dhcp-relay does not cover the DHCP server service
6.1.0r4 ★GPRS ★277620.When the GTP inspection is enabled, packets could be dropped and firewall ran out of available paths
6.1.0r4 ★GPRS ★302910.GTP CreatePdpRequest packets are dropped when retransmitted
6.1.0r4 ★GPRS ★This is observed when the packets, before sending a DeletePdpRequest, use the same teid_data to a different GGSN
6.1.0r4 ★HA and NSRP ★258242.In NSRP active and passive mode, the primary device restarts when the pointer has an invalid value
6.1.0r4 ★HA and NSRP ★287173.When a new username and password is added, the NSRP configuration goes out of sync
6.1.0r4 ★HA and NSRP ★288925.NSRP configurations are out of sync after unset multiple objects are applied in a multi-cell policy
6.1.0r4 ★HA and NSRP ★289119.Creating interface description causes NSRP configurations to go out of sync
6.1.0r4 ★HA and NSRP ★291970.[NetScreen.5000] The HA link shows UP when the HA interface of the peer is set to phy link down
6.1.0r4 ★HA and NSRP ★298021.NSRP configurations may go out of sync if the DNS server specifies an src-interface, which is a local interface, instead of a VSI interface
6.1.0r4 ★HA and NSRP ★300760.NSRP shows out of sync due to the password hash of the PPPoE username being different on the two devices
6.1.0r4 ★HA and NSRP ★301156.Under high traffic load, the multicast traffic leak occurs on the secondary device in the transparent mode
6.1.0r4 ★HA and NSRP ★306981.NSRP configurations go out of sync due to CLI configuration out of order when one of the members is reset
6.1.0r4 ★HA and NSRP ★310384.In transparent mode, NSM is unable to manage the backup device in an NSRP cluster
6.1.0r4 ★IDP ★260215.When profiling smaller networks, the profiler on an ISG-IDP does not detect new events
6.1.0r4 ★IDP ★The profiler does not update old events
6.1.0r4 ★IDP ★276587.[ISG-IDP] VLAN tagged traffic is incorrectly handled and dropped by ISG with IDP modules when IDP and tcp-syn-check is enabled
6.1.0r4 ★IDP ★292041.False positive detection can occur when accessing some of the web sites with a particular combination of DI policies
6.1.0r4 ★IDP ★297722.When a packet with ACK set is received, the IDP might drop sessions that are in half-connected state
6.1.0r4 ★IDP ★299424.With FTP-pathname user-defined signatures, the device does not check the filename in FTP out and get commands
6.1.0r4 ★IDP ★300182.The IDP engine failed because of the corrupt data structure
6.1.0r4 ★IDP ★301944.DI HTTP brute search function is not working properly
6.1.0r4 ★ Management ★281995.In some scenarios, all access to the management, except through the console, might be lost
6.1.0r4 ★ Management ★288625.A policy modification using Network and Security Manager might cause a device reset
6.1.0r4 ★ Management ★292490.NSM update fails when configuring the IKE v2 soft lifetime buffer
6.1.0r4 ★ Management ★292858.[SSG 320M/350M] SNMP Object Identifier (OID) ns TemperatureCur returns incorrect values
6.1.0r4 ★ Management ★294506.NSM updates do not take effect when the loopback interface is generated into static mroute in the NSM config datafile
6.1.0r4 ★ Management ★298916.An unnumbered tunnel interface can be configured on a custom tunnel zone However, this interface is not supported and cannot be configured in NSM
6.1.0r4 ★ Management ★300219.[NetScreen.5000-8G2-G4] In an HA cluster in transparent mode, the device with SSH or telnet on the secondary device cannot be managed
6.1.0r4 ★ Management ★300298.If a loopback interface is used by route-map in a virtual router, then it is not released while deleting a vsys
6.1.0r4 ★ Management ★300762.On certain interfaces incorrect display of ifAdminStatus and ifOperStatus is observed
6.1.0r4 ★ Management ★308356.Webtrends traffic log does not display VSYS name
6.1.0r4 ★NAT ★284672.DIP allocation fails on backup device of NSRP cluster when PPORT is not released
6.1.0r4 ★NAT ★288045.The VIP on loopback interface that contains a serial interface does not log traffic and Antivirus
6.1.0r4 ★NAT ★Also, anti-spam scanning does not occur
6.1.0r4 ★NAT ★302566.When NAT source and destination is configured in the same policy, passive FTP fails
6.1.0r4 ★NAT ★307364.Interface IP address can be unset even if its MIPs are still use in policies
6.1.0r4 ★NAT ★These MIPs are kept in the configuration and are only removed after device is reset
6.1.0r4 ★Other ★235297.Source MAC is not cached in session for PIM traffic
6.1.0r4 ★Other ★259334.A memory leak occurs when running FIPS mode
6.1.0r4 ★Other ★271025.The memory allocated during the Certificate Revocation List (CRL) check is not released properly after the check is complete
6.1.0r4 ★Other ★276077.Non-RPC MS Exchange traffic is dropped due to incorrect timeout
6.1.0r4 ★Other ★279557.[SSG Series] The traffic still passes when the WAN serial interface with a backup interface is down
6.1.0r4 ★Other ★283348.A device running Antivirus, URL Filtering, or VoIP does not function due to an unexpected packet type
6.1.0r4 ★Other ★284275.When running "debug flow basic", the format of UUID is not correct
6.1.0r4 ★Other ★284851.The firewall authentication might fail when loopback session is involved
6.1.0r4 ★Other ★286679.A memory leak occurs when NTP client cannot obtain a valid key id or key string
6.1.0r4 ★Other ★288938.The backup interface in a redundant interface setup is erroneously forwarding packets and causes duplicate packets to be sent
6.1.0r4 ★Other ★289413.WLAN LEDs are turned off when all wireless interfaces are shut down
6.1.0r4 ★Other ★289435.[SSG 140] In transparent mode, the device might not pass through traffic when a host moves from one interface to another interface in the same zone
6.1.0r4 ★Other ★289671.A change in the tunnel binding causes failure in the WebUI
6.1.0r4 ★Other ★290077.Under certain conditions, traffic fails to pass with user auth enabled
6.1.0r4 ★Other ★290478.[NetScreen.5000, ISG] Packet is dropped due to internal congestion control mechanism
6.1.0r4 ★Other ★290501.When the Compact Flash (CF) card is formatted, the set core-dump command freezes if there is not enough space on the CF
6.1.0r4 ★Other ★290666.In an IPv6 deployment, a null interface could cause the device to fail due to an interface state check that has been added
6.1.0r4 ★Other ★291728.Using the CLI or WebUI, the maximum length of scheduler object name is 19 characters only
6.1.0r4 ★Other ★294079.If the SYN-ACK packet does not contain the TCP MSS option, traffic for the Integrated URL Filtering, Anti-SPAM, Anti-Virus, and VoIP modules might be affected
6.1.0r4 ★Other ★295694.Device might fail when PPORT pool is exhausted
6.1.0r4 ★Other ★296850.RTSP media flow is disconnected after about a minute
6.1.0r4 ★Other ★297028.NTP pre-defined service is defined incorrectly
6.1.0r4 ★Other ★298305.Twice the configuration is incorrectly reloaded causes a system busy issue after start up
6.1.0r4 ★Other ★301487.Snoop was not working properly when using redundant interface
6.1.0r4 ★Other ★301602.When the web filtering feature or Antivirus or VoIP is enabled, a Linux host is not able to access a particular web site
6.1.0r4 ★Other ★301709.With an UAC as an Infranet auth configured in a firewall, a host with a particular web site as its homepage is not able to through the firewall due to fragmentation of its packets
6.1.0r4 ★Other ★302271.Failed to create multicast session once it is timed out due to a down interface
6.1.0r4 ★Other ★302382.In certain conditions, the firewall might reset if a session incorrectly references a MAC address without route information
6.1.0r4 ★Other ★302955.When PPTP xlate entries are not released in HA, PPTP VPN connection fails
6.1.0r4 ★Other ★302970.Device resets when issuing an mping
6.1.0r4 ★Other ★304210.Device resets when inside a VSYS and issuing a ping request using an IPv6 address
6.1.0r4 ★Other ★304276.The configuration of the set int wireless0/0 shutdown command is not saved in a wireless interface Also, the wireless interface remains enabled after reset
6.1.0r4 ★Other ★305571.When using the combination of aggregate interface and cross ASIC traffic, packet drop might happen due to SYN check errors
6.1.0r4 ★Other ★306370.Device might reset if a custom layer 2 zone is unset
6.1.0r4 ★Other ★306864.The SMTP header is now RFC2822 compliant and includes the time stamp
6.1.0r4 ★Other ★309122.ASIC ARP is installed incorrectly with wrong VLAN ID
6.1.0r4 ★Performance ★268006.The VPN traffic drops when the VPN is bound to a loopback interface and traffic shaping is enabled
6.1.0r4 ★Performance ★278935.Random packet drops occur because ARP entries were not deleted that in turn cause inconsistencies between hardware and software
6.1.0r4 ★Performance ★279442.The Flow and Task CPU utilization is high after a certain uptime if the device is heavily loaded with traffic
6.1.0r4 ★Performance ★281813.[NetScreen-5000] Performance on 10Gbps Ethernet is reduced for transit traffic in and out of the same physical port
6.1.0r4 ★Performance ★282781.High task CPU utilization occurs when CTRL+C is typed while displaying traffic logs in a CLI session
6.1.0r4 ★Performance ★282948.In a multicast environment, the backup device exhibits high CPU utilization
6.1.0r4 ★Performance ★283336.Redirecting traffic logs to the TFTP server might cause high task CPU
6.1.0r4 ★Performance ★283748.Fragmented packets loop between the CPU and PPU causing high CPU utilization
6.1.0r4 ★Performance ★284276.Performance of the VPN degrades when the DI is enabled on a policy
6.1.0r4 ★Performance ★284615.[SSG 500] The traffic throughput is slow when a copper gigabit Ethernet interfaces is used
6.1.0r4 ★Performance ★285793.High CPU due to NSM task
6.1.0r4 ★Performance ★291748.Using pipe in a large search may result in high CPU
6.1.0r4 ★Performance ★For example: get event | i foo
6.1.0r4 ★Performance ★292576.An out of sequence error is induced when the window scaling factor in SYN ACK packet is not updated in hardware session
6.1.0r4 ★Performance ★297574.When unset arp always-on-dest is configured on serial interface, the return traffic get dropped
6.1.0r4 ★Performance ★304334.High CPU causes "session scan" task ineffectively running due to constant ARP changes in the network
6.1.0r4 ★Performance ★307727.[NetScreen-5000] TCP cross-chip sessions erroneously have a session timeout of 20 seconds when there is non-cross-chip TCP background traffic and TCP SYN check is enabled
6.1.0r4 ★Performance ★386735.When adding interface member to aggregate interface in null zone, if aggregate sub-interface is in non-null zone, packet drops are caused due to loops between ASIC and CPU
6.1.0r4 ★Routing ★257979.Device fails when interface is not enabled for BGP and administrator requests TCP reconnection with BGP neighbor
6.1.0r4 ★Routing ★269410.High CPU due to RIP
6.1.0r4 ★Routing ★278718.Static default route on PPPoE interface fell back after power cycle
6.1.0r4 ★Routing ★287409.If an existing type 5 LSA exists in the OSPF database, new type 7 LSA for the same network is not converted to type 5 LSA even if the new LSA has better metric
6.1.0r4 ★Routing ★293332.Unable to configure the multicast candidate RP
6.1.0r4 ★Routing ★300214.When OSPF LSA database is large and firewall CPU is fairly busy, OSPF adjacency may flap
6.1.0r4 ★Routing ★302011.The router does not learn the OSPF routes from the peer even if the maximum number of routes is not reached
6.1.0r4 ★Routing ★304116.Unable to configure the router-id
6.1.0r4 ★Routing ★310349.When a static multicast wildcard route is deleted, all the associated routes that share the same iif, oif, and group are deleted
6.1.0r4 ★Routing ★310724.When a source specific mroute is configured, the multicast traffic is dropped
6.1.0r4 ★Routing ★310781.The multiple and duplicate entries of wildcard mroutes with source 0.0.0.0 are allowed in both the config and multicast routing table
6.1.0r4 ★Security ★264366.UDP flooding is detected and the packets are dropped even when the pps rate is less than the specified threshold
6.1.0r4 ★Security ★295452.When Integrated SurfControl is enabled , some web sites that get re-directed to an https URL are not accessible
6.1.0r4 ★VoIP ★281460.When using MIP or VIP video does not work properly
6.1.0r4 ★VoIP ★288193.Under certain conditions, the device may reset when processing pinhole for SIP traffic
6.1.0r4 ★VoIP ★289724.When the transaction timer expires and results in operation failure, SIP call are not cleared
6.1.0r4 ★VoIP ★289774.When DIP-Incoming is configured for incoming calls, H.323 outgoing calls fail
6.1.0r4 ★VoIP ★302418.A buffer overflow in SIP module may cause the device to reset
6.1.0r4 ★VoIP ★305658.The RTP packets are lost when NAT-T is enabled
6.1.0r4 ★VPN ★204717.When peer is identified by DNS address instead of IP address main mode IKE negotiations may fail
6.1.0r4 ★VPN ★285743.During Phase1 negotiation, the IKE-ID type with numeric IKE-ID from a third-party VPN device is correctly interpreted
6.1.0r4 ★VPN ★286723.VPN negotiation with enabled Xauth the Phase 2 SA is removed incorrectly
6.1.0r4 ★VPN ★287368.IP configuration from RADIUS such as the DNS server setting may not be configured properly to the Xauth client
6.1.0r4 ★VPN ★291524.If the outgoing interface is a loopback interface and traffic shaping is enabled, VPN traffic drops
6.1.0r4 ★VPN ★291993.Dead-Peer-Detection (DPD) failed to clear the IPSec Security Association (SA) after the Dial-up VPN client disconnected
6.1.0r4 ★VPN ★300430.Packets are dropped in a back-to-back GRE VPN scenario
6.1.0r4 ★VPN ★303538.When the physical and tunnel interface are in different zones, VPN monitor reply packets may get dropped across a route-based VPN
6.1.0r4 ★VPN ★308251.Failure to remove SPI entry causes memory leak
6.1.0r4 ★VPN ★310331.Device in transparent mode, may reset when a VLAN 802.1x tagged packet hits a VPN policy
6.1.0r4 ★VPN ★391494.VPN Interop using IKE v2 fails
6.1.0r4 ★WebUI ★281955.Unable to configure the route map using subinterface
6.1.0r4 ★WebUI ★289628.Unable to define an Address Group using the WebUI for zones that have an ampersand symbol in the name
6.1.0r4 ★WebUI ★290761.When configuring the RP for PIM, the RP address does not appear in the WebUI
6.1.0r4 ★WebUI ★291948.If the device has many event log entries, refreshing the main WebUI page or the report page using Report > System Log > Event causes high CPU utilization
6.1.0r4 ★WebUI ★293497.The WebUI shows less number of exported rules than the expected
6.1.0r4 ★WebUI ★293528.In some cases, the device may restart during HTTPS WebUI access
6.1.0r4 ★WebUI ★293998.In the WebUI, some alarm level events are not sorted by log level correctly
6.1.0r4 ★WebUI ★294560.WebUI may result in high CPU when clicked on Refresh in Reports > System Log > Self in
6.1.0r4 ★WebUI ★294594.In the WebUI, unable to see the non-trust-VR interface when configuring the PBR
6.1.0r4 ★WebUI ★296058.The WebUI does not allow the user to create a MIP with a different subnet mask than the interface
6.1.0r4 ★WebUI ★296660.Unable to add or change an existing configuration for TACACS Auth server using WebUI
6.1.0r4 ★WebUI ★298501.Change in multi-address cell back to "Any" causes policy corruption
6.1.0r4 ★WebUI ★299090.In the WebUI, the PCMCIA option for log settings is incorrectly shown as option USB
6.1.0r4 ★WebUI ★300920.Using the WebUI, Only 100 routes in the routing table are visible at a time
6.1.0r4 ★WebUI ★302622.When using the WebUI to configure DNS proxy server for a given domain, the failover option is automatically selected
6.1.0r3 ★Administration ★257485.In certain situations the administrator was unable to add an address book item to a multi-cell policy
6.1.0r3 ★Administration ★260995.The debug buffer may intermittently log messages even though no debug commands are running
6.1.0r3 ★Administration ★278125.When there are multiple policies using the same SRC/DST IP and ports, and one is disabled, and one of the address book objects is modified, the device may reset
6.1.0r3 ★Administration ★279094.Unsetting PPPoE auth-method will erroneously generate the message "Cannot unset idle-interval to default when auto connect is enabled"
6.1.0r3 ★Administration ★282163.TFTP traffic sourced from the loopback interface fails
6.1.0r3 ★Antivirus ★282592.Enabling AV as an http proxy in transparent mode causes the packets to use the MAC address of the VLAN interface as the source MAC address
6.1.0r3 ★DNS ★215889.DNS queries are sent to the dynamically-learned DNS servers, even though the DNS servers have been configured with an admin preference of 255
6.1.0r3 ★DNS ★261613.Proxy DNS fails if loopback interface is used as the outgoing-interface
6.1.0r3 ★GPRS ★270890.If GTP Sequence Number Validation was enabled, GTP traffic was dropped due to 'bad sequence number' after two NSRP failovers
6.1.0r3 ★HA and NSRP ★262695.NSRP failover may cause some VPNs to fail
6.1.0r3 ★HA and NSRP ★274948.In NSRP, when adding an interface to a L2 zone, it does not become a VSI
6.1.0r3 ★HA and NSRP ★280217.[NetScreen.5000, ISG] When the device is in an Active/Passive NSRP cluster, under a particular circumstance after a preempt primary device is reset, traffic via VPN is dropped by its VPN peer
6.1.0r3 ★HA and NSRP ★282261.NSRP failover from the backup to the primary taking longer than expected
6.1.0r3 ★HA and NSRP ★300517.With "set flow tcp-syn-bit-check" enabled, after failing over the NSRP cluster, TCP packets for existing sessions are dropped
6.1.0r3 ★ IDP ★270319.[ISG with IDP] The IDP process restarts when updating a policy with attacks that was previously configured with no attacks
6.1.0r3 ★Management ★255035.Redundant subinterfaces could not be imported properly from NSM
6.1.0r3 ★Management ★271129.In some cases, all management access may be lost except through the console
6.1.0r3 ★Management ★290562.Unable to determine BGP aggregate status within NSM
6.1.0r3 ★Other ★235777.The command "unset admin hw-reset" was not saved to the config file after a reset
6.1.0r3 ★Other ★252398.Wireless connection instability occurs when using 802.1x with Intel Pro/Wireless NIC with 802.1x auth
6.1.0r3 ★Other ★255301.TCP socket leak causes lost SSH management and BGP peering, resulting in high task CPU utilization
6.1.0r3 ★Other ★257812.NAS-Port-Type was "Wireless-Other" instead of "Wireless-IEEE-802-11" for example when authenticating wireless clients via radius
6.1.0r3 ★Other ★260307.Under certain conditions, the firewall seems to be corrupting UDP checksums
6.1.0r3 ★Other ★267891.A null pointer accessed in the ULR filtering , which caused the device to reset
6.1.0r3 ★Other ★269018.After enabling DI, when a syn-flood is detected, the device may restart
6.1.0r3 ★Other ★269488.In transparent mode, unauthenticated users are not being redirected to the Infranet Controller (IC)
6.1.0r3 ★Other ★273879.Authentication entries in a pending or fail state, fails to be cleared
6.1.0r3 ★Other ★276282.Device reset due to problem with hardware session pointer
6.1.0r3 ★Other ★279407.Memory leak occurred when a second user from the same user group is authenticated
6.1.0r3 ★Other ★280079.DSCP TOS bit was not being set correctly on the device
6.1.0r3 ★Other ★281722.A device reset occurred when running "debug ike" and "unset console dbuf"
6.1.0r3 ★Other ★283182.Traffic through the SSG-500 stops intermittently
6.1.0r3 ★Other ★285252.When traffic shaping is enabled, the MAC address is shifted on the subinterfaces
6.1.0r3 ★Other ★285333.Traffic may not pass if there is a duplex mismatch between the device interface and the switch connected to the device
6.1.0r3 ★Other ★271349.With a low-quality connection, PPPoE may stop responding during negotiation
6.1.0r3 ★ Performance ★221537.FTP downloads from dial up or slow links are failing when AV enabled
6.1.0r3 ★ Performance ★254058.Bandwidth testing site via web shows lower bandwidth than actual upload speed
6.1.0r3 ★ Performance ★259126.Packet loss and TCP retransmissions occur when performing file transfers across T1 WAN interface
6.1.0r3 ★Routing ★267357.Permanent route attributes are not being exported from one VR to the other
6.1.0r3 ★Routing ★276971.Tunnel interfaces were being counted as an outgoing interface, which exceeds the maximum number of interfaces allowed for multicast traffic
6.1.0r3 ★VoIP ★278563.Child session for SIP could not be created correctly
6.1.0r3 ★VoIP ★278773.H.323 ALG was unable to decode Q.931 using Avaya phones, due to not enough OLC support
6.1.0r3 ★VPN ★279789.In some network topologies, VPN monitoring may bring the VPN tunnel down
6.1.0r3 ★VPN ★280101.Dial-Up VPN traffic was dropped due to a change to the IP address on the dialup client
6.1.0r3 ★VPN ★284756.In certain situations, the auto-connect acvpn-dynamic command could not be completed
6.1.0r3 ★VPN ★285748.[NetScreen-5000] IPSec pass-through packets are being dropped when the device is in transparent mode
6.1.0r3 ★VPN ★285935.VPN packet drop occurs due to traffic looping when aggregate interfaces are used on the device
6.1.0r3 ★WebUI ★227316.Unable to configure DHCP on an interface from a trustee admin user via the WebUI
6.1.0r3 ★WebUI ★262490.Unable to manage a device from an untrust interface via a trustee admin via the WebUI
6.1.0r3 ★WebUI ★277589.When editing a subinterface, WebUI responds with an erroneous traffic bandwidth message "0 is not within the valid range (1 - 1000000)"
6.1.0r3 ★WebUI ★277867.The RP Proxy setting is not removed when its corresponding RP Candidate is deleted via WebUI
6.1.0r3 ★WebUI ★279141.VPN policies created with the WebUI paired up incorrectly
6.1.0r3 ★WebUI ★281505.In an NSRP environment, a fault error message "IP conflict" is shown in the WebUI when accessing a backup device to configure an interface
6.1.0r2 ★Administration ★215340, 256010.Some log entries are not formatted properly in the WebTrend output
6.1.0r2 ★Administration ★223139.Task CPU becomes high when executing some CLI commands with a large configuration, which triggers high overall CPU utilization, and reaches the alarm threshold
6.1.0r2 ★Administration ★258225.The admin-preferences of the local DNS defined via the CLI gets reset when any changes are made to DNS setting via the WebUI
6.1.0r2 ★Administration ★258522.Policy list in the root vsys may be blank when viewed from the WebUI
6.1.0r2 ★Administration ★259735.Incorrect information shown on the multilink and serial interface SNMP report for MTU, link status, operation status, and link speed
6.1.0r2 ★Administration ★261597.[NetScreen-5GT] Unable to set interface ethernet2 to the Null zone
6.1.0r2 ★Administration ★262685, 267506.Bridge Group interfaces would not go to full duplex, even when the bgroup members are hard-coded to full duplex
6.1.0r2 ★Administration ★262912.Sync Serial card shows up as JXMBRI-ST in get chassis
6.1.0r2 ★Administration ★267997.Incorrect ifIndex in link-up/link-down SNMP trap for redundant interfaces occurred
6.1.0r2 ★Administration ★275288.Device restarts when MIP configured with incorrect mapping from IPv4 to IPv6
6.1.0r2 ★Administration ★276003.The "sess-limit" option is getting lost after a restart
6.1.0r2 ★Antivirus ★225931.ICAP AV may fail with error code 3 for running out of connection objects due to incorrect freeing of ICAP connection
6.1.0r2 ★Antivirus ★266736.With Antivirus enabled, an email containing certain characters may cause the POP3 or SMTP session to freeze
6.1.0r2 ★DHCP ★263924.When using a PPPOE interface with a DHCP IP address as the tunnel outgoing interface, the VPN tunnel session still has the old dynamic IP address after the new address has been assigned or the firewall is restarted
6.1.0r2 ★HA and NSRP ★226031.Only the first IP Pool gets synchronized to the backup device
6.1.0r2 ★HA and NSRP ★227665.The NSRP vsd-group track-ip method CLI command is lost after a reset
6.1.0r2 ★HA and NSRP ★238578.Non-VSD sessions in an Active/Active NSRP configuration incorrectly synchronize between cluster members if the session's egress subinterface differs between cluster members
6.1.0r2 ★HA and NSRP ★251157.An NSRP cluster member received a corrupted HA message, causing the device to reset
6.1.0r2 ★HA and NSRP ★252645.Gratuitous ARPs for the secondary IP address on an interface did not work
6.1.0r2 ★HA and NSRP ★258989.[NetScreen-5000] Traffic is not forwarded when the packets are received on an aggregate interface of the backup VSD in an NSRP Active/Active cluster due to the TCP SYN check failing incorrectly
6.1.0r2 ★HA and NSRP ★260760.[SSG 5] NSRP failover not working properly when both NSRP interfaces and a secondary path are enabled
6.1.0r2 ★HA and NSRP ★262533.[SSG 140] Alarm LED on the device was not displaying correctly when an NSRP failover event occurred
6.1.0r2 ★HA and NSRP ★264768.Configurations are out of sync due PBR out of order set match-group commands
6.1.0r2 ★HA and NSRP ★267734.The primary ISG does not read the sequence number correctly from the ASIC for AES after failover
6.1.0r2 ★HA and NSRP ★268708.Traffic fails to pass after failover of a NSRP pair with devices configured in transparent mode
6.1.0r2 ★HA and NSRP ★268809.When no-session-backup is enabled on a policy, traffic through the serial interface stops passing
6.1.0r2 ★HA and NSRP ★274997.The commands set sm enable and set sm disable were erroneously being synchronized to the other member in an NSRP cluster
6.1.0r2 ★Management ★224382.Task CPU spikes when the authentication result from the RADIUS server does not arrive on time
6.1.0r2 ★Management ★252700.Unsupported "Far End" OIDs were modified so that they return a "no such object" response to an SNMP query
6.1.0r2 ★Management ★252783.The 64-bit counter on an interface was showing incorrect information after the "clear counter" command was performed
6.1.0r2 ★Management ★258148.SNMP reports incorrect ifspeed on the serial interface
6.1.0r2 ★Management ★260188.The device is only able to send 400 to 500 logs per second to NSM
6.1.0r2 ★Management ★260243.When disabling the rate limit in a GTP object configuration, the limit was not actually disabled
6.1.0r2 ★Management ★261714.The NSRP failover event log is not sent to the syslog server
6.1.0r2 ★Management ★262697.In certain conditions, the device may reset when a policy is pushed from NSM
6.1.0r2 ★Management ★266873.In the event log, when the number of telnet and ssh connections to a device are higher than its display limitation, the log entries of the telnet-cmd number and ssh-cmd number are incorrectly displayed
6.1.0r2 ★Management ★267372.The SNMP trap (OID) of the interface status is not correct
6.1.0r2 ★Management ★269298.An invalid command appeared in the CLI: "exec admin"
6.1.0r2 ★Management ★270999.Hardware counter for out bytes always shows zero on the management interface
6.1.0r2 ★Management ★271297.The get perf session detail command did not display the correct values
6.1.0r2 ★Management ★273424.Under certain condition, device update after the creation of a new custom vsys using NSM would result in the error: "unknown keyword unset"
6.1.0r2 ★Other ★224161.HDLC debug output was being sent to the dbuf buffer when any debug flow was enabled, making troubleshooting difficult
6.1.0r2 ★Other ★224423.If a timeout is configured in one GTP object, this timeout is used for all GTP objects
6.1.0r2 ★Other ★224782.The transmit and receive counters on an HA interface between two NSRP peers shows a mismatch, due to an incorrect byte count
6.1.0r2 ★Other ★226075.[ISG 1000/2000, NetScreen-5000-8G2/8G2-G4] Device sending two ESP packets with the same sequence number
6.1.0r2 ★Other ★227438.CTS traffic incorrectly detected as "HTTP:Overflow:Content-Overflow" and dropped
6.1.0r2 ★Other ★231670.In certain environments, if only URL filtering is enabled in the policy, the HTTP response might fail to be parsed
6.1.0r2 ★Other ★233490.RTSP ALG does not translate addresses properly when in NAT mode
6.1.0r2 ★Other ★235311.Transmission of the multicast data stream might stop for a while when handling a PIM fragment packet
6.1.0r2 ★Other ★236768.Device may issue an ACK in response to a RST packet
6.1.0r2 ★Other ★239594.The device may fail when AV is enabled and AIM traffic is passing through
6.1.0r2 ★Other ★240625.Memory utilization is high due to DI session leak when SYN protection is enabled
6.1.0r2 ★Other ★250504.A conflict over multiple tracked gateway routes caused the device to fail
6.1.0r2 ★Other ★252082.FTP session IPv4 to IPv6 session connects, but the client's FTP session hangs when FTP commands are entered
6.1.0r2 ★Other ★252224.The wireless client reports a different link speed than what the device reports
6.1.0r2 ★Other ★253965.Frame Relay clocking mode did not initialize properly
6.1.0r2 ★Other ★254619.A MIB file issue occurred when high-availability(15) was removed from the MIB files
6.1.0r2 ★Other ★256589.When a large number of VPN policies are configured, the device may fail to create a VPN policy when the tunnel ID is not specified
6.1.0r2 ★Other ★256783.Device failed due to mishandling of null pointer
6.1.0r2 ★Other ★257095.The Antispam list would not display in alphabetical order due to a sorting issue
6.1.0r2 ★Other ★258336.The device restarts on its own when the Deep Inspection Signature Pack is updated
6.1.0r2 ★Other ★260087.PPTP traffic not working properly when source nat policy is enabled
6.1.0r2 ★Other ★260626.[SSG 300] Device unable to pass packets greater than 1,468 bytes across an 802.1q tagged subinterface
6.1.0r2 ★Other ★261543.[NS-5000-MGT2] Issuing the command get bridge word 0 may cause the firewall to reset
6.1.0r2 ★Other ★262448.The 'exec policy verify' command was not working when empty address groups are used in the policies
6.1.0r2 ★Other ★262450.The WebAuth login page contained a script error after entering a user name
6.1.0r2 ★Other ★262666.When NTP is enabled, and set ntp server src-interface is used, NTP communication cannot be checked in the policy when the traffic is sent out to an interface other than the one specified in the command
6.1.0r2 ★Other ★262894.Device fails to connect to Websense server after the Websense server IP address has changed
6.1.0r2 ★Other ★263585.In certain situations, traffic that is NAT'd and uses the H.323 ALG caused the device to reset
6.1.0r2 ★Other ★263850.FTP ALG did not correctly create child sessions for cross-vsys flows, causing data packets to be dropped
6.1.0r2 ★Other ★264263.Device failed due to Null pointer access in sunrpc
6.1.0r2 ★Other ★265230.[SSG 140] The alarm LED on the device incorrectly displays as amber, instead of red, when an attack was detected
6.1.0r2 ★Other ★266875.Interface MAC did not change correctly when the VSI interface was assigned to the mgt zone
6.1.0r2 ★Other ★267114.When URL filtering is enabled, permitted URLs are logged twice in the firewall event log
6.1.0r2 ★Other ★267255.Unset ALG not saved after reset
6.1.0r2 ★Other ★267370.When generating a syslog message, the source port and destination port are incorrectly interpreted from the event log
6.1.0r2 ★Other ★267767.Running get dbuf stream prints out the message, “Return due to suspect loop”, with any debugs specified
6.1.0r2 ★Other ★267994.CPU utilization is high after Virtual IP (VIP) is configured
6.1.0r2 ★Other ★269121.GRE keepalive is dropped when the recursion control bit is set
6.1.0r2 ★Other ★269668.Deleting multiple virtual systems at one time may prevent traffic from passing through other virtual systems
6.1.0r2 ★Other ★269922.With IPv6, an incorrect ICMP message is generated when the policy is configured with action reject
6.1.0r2 ★Other ★273021.The connection between the firewall and the external Surfcontrol server was lost randomly several times a day
6.1.0r2 ★Other ★274187.Under certain circumstances, the first SYN packet is not matching the policy
6.1.0r2 ★Other ★274973.When get vr trust protocol pim rp proxy is executed, an exception dump may occur
6.1.0r2 ★Other ★278559.In certain conditions, clearing the auth table via IP address may cause the device to reset
6.1.0r2 ★Other ★280532.Websense is not working and displays the following error: "Unknown message type: 8e"
6.1.0r2 ★Other ★289248.FTP failed if there was a NO PASSV response and then the client tried to use PORT mode
6.1.0r2 ★Performance ★234153.High flow CPU utilization caused by packet looping between CPU and ASIC
6.1.0r2 ★Performance ★266111.Slow performance with Web traffic when URL filtering and the SYN Proxy is enabled
6.1.0r2 ★Routing ★223180.Multicast traffic was not forwarded to both spokes in a hub-and-spoke VPN
6.1.0r2 ★Routing ★225874.Creating a default route from one VR to the other VR caused the firewall to reset
6.1.0r2 ★Routing ★259054.The BGP neighbor goes to idle after the BGP connection is reset
6.1.0r2 ★Routing ★260646.The device would not become the PIM designated router (DR) after increasing the DR-priority
6.1.0r2 ★Routing ★262604.The first multicast packets in the flow get dropped
6.1.0r2 ★Routing ★263665.Routes learned via OSPF are not propagated to NSSA LSA after NSRP failover is done
6.1.0r2 ★Routing ★264800.The default route advertised via BGP by the ISP's upstream router was not propagating into the device's route table
6.1.0r2 ★Routing ★268471.BGP stops advertising the tunnel's static route after a reset
6.1.0r2 ★Routing ★269341.IGMP join occurs 10 seconds after a unicast route has changed
6.1.0r2 ★Routing ★274788.Multicast route through GRE tunnel fails after the GRE routers do a failover
6.1.0r2 ★Routing ★282293.Routes are stuck in the RIP database in multiple custom VR configurations
6.1.0r2 ★ VoIP/H323 ★256706.The device was not doing routing and policy lookup for IP addresses with unknown contact bindings from the SIP server
6.1.0r2 ★ VoIP/H323 ★264625.[ISG 1000/2000] SCCP ALG logging messages in the event log, after the ALG was disabled
6.1.0r2 ★ VoIP/H323 ★271315.SIP ALG did not support LWS
6.1.0r2 ★ VoIP/H323 ★274300.The "Can't allocate memory for SCCP call context" message appears in event logs due to the timing between session age-out and call completion
6.1.0r2 ★VPN ★254357.Pings through VPN are dropped when IPSec SA is 0
6.1.0r2 ★VPN ★255512.The command unset ike policy-checking only applied per device, and not per VPN
6.1.0r2 ★VPN ★257708.When subjected to heavy GRE/IPSec traffic, the device may reset
6.1.0r2 ★VPN ★263126.The device did not send an Account-Stop message for the old Phase1 SA
6.1.0r2 ★VPN ★264713.Tunnel ID and hardware SA in an existing session do not update properly after VPN change, which causes traffic to stop
6.1.0r2 ★VPN ★275108.NSP-tunnel (used in IPSec environments) was erroneously deleted but still referenced by another module, and caused device to reset
6.1.0r2 ★VPN ★282310.The device may reset when a NetScreen Remote VPN connection is made
6.1.0r2 ★VPN ★282564.Multiple dial-up VPN users could not login if the name in the certificate is similar to the previous user
6.1.0r2 ★WebUI ★222872.Access to the WebUI is very slow when opening the main home page
6.1.0r2 ★WebUI ★256041.In a particular circumstance, the device may fail when an admin edits a VPN configuration using the WebUI
6.1.0r2 ★WebUI ★259582.When adding Antispam to an existing Antivirus profile via the WebUI, FTP session disconnects occurs and result in abnormal behavior of FTP commands (ls, dir)
6.1.0r2 ★WebUI ★262479.Read-Write admin account was incorrectly offered "Enable Web Management Idle Timeout" option in the Admin Management page, causing the page's Apply function to fail
6.1.0r2 ★WebUI ★262827.From the WebUI, deleting an aggregate sub-interface erroneously gives you a warning that you are about to remove one aggregate interface
6.1.0r2 ★WebUI ★264300.Config Merge from the WebUI fails
6.1.0r2 ★WebUI ★265334.From the WebUI, if a RIP summary route is set to a metric of 1, it does not get written to the config
6.1.0r2 ★WebUI ★265413.Unable to specify u-fqdn IKE-ID type when creating a Dial-Up VPN User
6.1.0r2 ★WebUI ★266871.Custom RPC service is deleted from the policy when that policy is edited
6.1.0r2 ★WebUI ★267496.The WebUI reports that the gbw value is out of range when editing on a subinterface
6.1.0r2 ★WebUI ★267521."Bypass authentication option" for XAuth can not be configured via WebUI
6.1.0r2 ★WebUI ★270630.Can not disable SSH2 management from the WebUI
6.1.0r2 ★WebUI ★272946.Unable to create an IKE gateway on a device in transparent mode from the WebUI
6.1.0r2 ★WebUI ★276288.When configuring an NSRP cluster ID with a value over 63 using the WebUI, an incorrect error message is displayed
6.1.0r1 ★VPN ★220334 (os70336).When the IP address of a remote peer changed, IKE phase 1 failed to update correctly This issue has been resolved
6.1.0r1 ★Firewall ★236113.When you enabled TCP-SYN-Check on the NetScreen-5000 platform, the device failed to establish a cross-chip TCP connection in Transparent mode This issue has been resolved
6.1.0r1 ★IDP ★225502.[ISG with IDP] The IDP drops legitimate HTTP traffic for very large HTTP downloads
6.1.0r1 ★IDP ★226284.An ISG 2000-IDP intermittently stopped advertising prefixes to eBGP peers after BGP peer refreshed from other devicesThis issue has been resolved
6.1.0r1 ★IDP ★229742.In Transparent mode on an ISG 1000 with IDP enabled, if both Web filtering and IDP were enabled in one policy, all Web browsing that used the policy stopped respondingThis issue has been resolved
6.1.0r1 ★IDP ★232075.[ISG 1000/2000] Time binding attacks are not reporting logs to the NSM server
6.1.0r1 ★IDP ★236437.[ISG 1000/2000] In certain situations, the traffic passing through an inline mode IDP rule may experience excessive delay when other rules are configured for TAP mode IDP
6.1.0r1 ★IDP ★237769.[ISG 1000/2000] There is high CPU utilization on a single SM (Security Module) due to uneven session distribution
6.1.0r1 ★IDP ★239575.When both tcp-syn-check is set and IDP is enabled in the policy, the ACK packet of a 3-way handshake is dropped when ISG is in transparent mode
6.1.0r1 ★IDP ★252958.[ISG 1000/2000] Login attempts with FTP brute force signature were erroneously being logged as accepted
6.1.0r1 ★ Other ★225017.If you restarted an SSG 5 appliance after many hours of heavy traffic, the device stopped forwarding all traffic This issue has been resolved
6.1.0r1 ★ Other ★226651 (os70627).When traffic reached 1Gbps (in each direction) through two uPIMs, traffic was blocked in both directions after approximately one hour
6.1.0r1 ★ Other ★233516.If you made a large number of configuration changes (especially in policies and virtual routers), an ISG 2000 stopped receiving IPv6 packetsThis issue has been resolved
6.1.0r1 ★ Other ★231754.In Transparent mode, SIP traffic caused a device to fail
6.1.0r1 ★ Other ★227229 (os71064).When you deployed NTP Server on ISG 1000 appliances, the device aged out a packet even if the hardware session was refreshed by the packet
6.1.0r1 ★ Other ★This issue has been resolved
6.1.0r1 ★Routing ★228200.Adding an alternate route to the routing table and making it as active after a tunnel failure was not possible This issue occurred when you used the set interface tunnel_name protocol rip demand-circuit command This issue has been resolved
6.1.0r1 ★Management ★231728.On the SSG 140 platform, DNS settings were not accepted through a PPPoE connection This issue has been resolved
6.1.0r1 ★Management ★233428.In Transparent mode, the management feature on a v1-Untrust zone was not added to the configuration, so it was disabled after a device reset This issue has been resolved
●Known Issues in ScreenOS
6.1.0r7 ★Application Layer Gateway (ALG) ★455373.The device might reset when some SQL ALG registers access an odd address
6.1.0r7 ★Authentication ★455865.After a reboot of the firewall, 802.1x authentication fails
6.1.0r7 ★DNS ★458316.A device might reset if a vsys that contains address book objects with DNS names is deleted
6.1.0r7 ★HA and NSRP ★454981.[SSG 300M] When the NSRP failover occurs, the red alarm LED is triggered
6.1.0r7 ★NAT ★455943.When the PPTP service and GRE service timeout are configured to never, the PPTP xlate fills up unless the PPTP connection is shutdown
6.1.0r7 ★Other ★458125.The VLAN tag information is lost on preparing a child session in ALG traffic when the UTM is enable
6.1.0r7 ★Performance ★455350.For the interface, MTU is set to 1500 when a tunnel interface is added that might cause performance issues
6.1.0r7 ★VoIP ★422611.Power Cycling H.323 IP Phone results in NAT pport leak
6.1.0r7 ★VoIP ★458341.The SIP ALG is not handling the SIP calls that use multi-part message as expected
6.1.0r7 ★WebUI ★455462.When an aggregate BGP route is added using WebUI, new option summary-only is added that is not specified in the WebUI
6.1.0r7 ★WebUI ★459894.Unable to remove the address book object DMZ Any after it is configured
6.1.0r5 ★Other ★419564.The ppp multi link bundle supports only two BRI channels
6.1.0r4 ★Other ★391304.The duration of time reported by policy traffic logs is shorter than the actual time duration
6.1.0r3 ★Flow ★235781.Using Transparent mode, under high traffic conditions, sometimes a small number of sessions cannot be cleared The sessions appear to be "time 0" but will remain in the session table Running set sat session-clean will clear these sessions from the table after one round of session cleaning
6.1.0r3 ★Flow ★239631.If you configure the initial session timeout below the valid range (20.300 seconds), the system interprets these values as minutes instead of seconds
6.1.0r3 ★ HA and NSRP ★235303.Delay in the peripheral devices updating the forwarding table when a failover occurs in an NSRP cluster in Transparent mode.When the devices have no gratuitous ARP mechanism as in NAT or Route mode, peripheral devices update the forwarding table only when the active physical interface is restarted.The update happens after five seconds by default.W/A: Use the CLI command set nsrp link-hold-time to modify the link downtime
6.1.0r3 ★ HA and NSRP ★236275.If the VSD group is not bound to a VLAN group, the security device incorrectly reports the VSD as being in Active-Passive mode
6.1.0r3 ★ HA and NSRP ★236634.In an Active-Passive configuration, if the active security device handles a large number of FTP connections, the CPU utilization of the backup device remains high even when the rate of the FTP connections per second on the backup is low
6.1.0r3 ★ HA and NSRP ★253467.If a device's SIP traffic is very heavy in an NSRP deployment, although the master box works well, there will be some delays when resources on the backup box are removed.Operational impact on the cluster is minimal, and the backup box will automatically recover
6.1.0r3 ★IPv6 ★227934.SSG platforms incorrectly process the ICMPv6 error packet that they receive in response to a non-first fragment packet that exceeds the outgoing interface MTU W/A: Set the interface MTU at a value that accommodates all packets for all links through a path
6.1.0r3 ★IPv6 ★236085.In Transparent mode, you cannot manage a zone that is on a vsys using the zone nsrp manage CLI command, because it is a global setting based on vlan1 interface In root mode, you can manage only the related vsys
6.1.0r3 ★IPv6 ★236087.On SSG 320/350 devices, a 4-byte PVE tag is used to identify which interface the packet came from, limiting the maximum supported packet length to 1514 bytes
6.1.0r3 ★IPv6 ★236549.When deployed in Transparent mode, some high-end platforms such as ISG 1000-IDP do not support more than 20 reassembled segments If you try to ping another device with data that requires more than 20 reassembled segments (for example, 30,000 bytes), the ping request fails
6.1.0r3 ★IPv6 ★239285.ScreenOS does not verify the IP address that you enter when you configure the security device W/A: You should verify the IP address that you enter for an interface For example, you must not assign a multicast or broadcast IP address as an interface's IP address
6.1.0r3 ★IPv6 ★239598.On some high-end platforms, after you have enabled IPv6, the CLI incorrectly allows you to enable parameters such as DSCP marking, IDP, and NSRP Data Forwarding that are not supported in IPv6 mode
6.1.0r3 ★IPv6 ★267239.When modifying an IPv6 or a wildcard policy through the WebUI, all existing sessions for the policy will be removed However, existing sessions will not be removed if you only modify some minor features.such as session-limit or alarm-without-drop.of an ordinary IPv4 policy through the WebUI
6.1.0r3 ★Other ★236210.In an IDP deployment, when a policy incorporating diffserv is created the security module does not mark the first attack packet
6.1.0r3 ★Other ★This is by design, and all subsequent packets are correctly marked
6.1.0r3 ★Other ★255774.The debug command unset console dbuf might make the box unstable, especially under heavy traffic Administrators are advised to use care when running this command
6.1.0r3 ★Other ★258931.Due to a memory limitation, NS 5000 devices are currently unable to support 500 vsys when an advanced license key.such as for virtual router or Layer 2 Active-Active support.is part of the deployment
6.1.0r3 ★Other ★263512.ScreenOS 6.1.0 includes a new SSHv2 secondary login banner feature However, unless the feature is enabled, if the secondary banner is displayed before a login prompt on a console or via a Telnet connection, no positive acknowledgment to the secondary banner is required (applicable to console, Telnet, SSHv1, and SSHv2 connections)
6.1.0r3 ★Other ★266022.Because the NS 5400 supports 2 million sessions by default in 6.1 (and 6.0r2 and later), you must make sure that the device has a minimum of 450MB of free memory when upgrading from 5.4 or 6.0r1 to 6.1 or 6.0r2 One million sessions will require approximately 340MB of memory
6.1.0r3 ★Other ★278668.[SSG 550/550M] An error in the boot-loader code caused the interface references to be switched and the motherboard version to be incorrectly reported while upgrading from boot mode
6.1.0r3 ★Routing ★251874.ScreenOS does not limit the number of routing entries that are distributed through Routing Information Protocol (RIP) This incorrectly allows you to configure more static routing entries than are supported
6.1.0r3 ★Routing ★251875.ScreenOS does not limit the number of Open Shortest Path First (OSPF) areas and virtual links This incorrectly allows you to configure more OSPF areas and virtual links than are supported
6.1.0r3 ★Routing ★251879.ScreenOS does not limit the number of Open Shortest Path First (OSPF) interfaces This incorrectly allows you to configure more OSPF interfaces than are supported
6.1.0r3 ★Routing ★251883.ScreenOS does not limit the number of static routing entries that are redistributed through OSPF This incorrectly allows you to configure more static routing entries than are supported
6.1.0r3 ★Routing ★255815.The device does not check the destination MAC address for packets when the SYN-cookie is triggered and responds with SYN-ACK whether the destination MAC belongs to itself or not
6.1.0r3 ★Routing ★258978.For the SSG 320M and 350M, the supported maximum number of Border Gateway Protocol (BGP) redistributed routes is 4096 However, if a large number of routes are added with an automated script, it is possible to exceed the supported limit Routes entered or redistributed manually should not be able to exceed 4096
6.1.0r3 ★Routing ★258979.For the SSG 320M and 350M, the supported maximum number of Open Shortest Path First (OSPF) redistributed routes is 4096, but it may be possible to exceed the maximum OSPF redistributed routes are handled in two parts: route task and OSPF task
6.1.0r3 ★Routing ★The route task will add redistributed routes to OSPF continuously during one CPU time slice
6.1.0r3 ★Routing ★The redistributed routes counter will not, however, be updated until the OSPF task is processed by the CPU, so more routes may be added in OSPF when the routes are added using an automated script
6.1.0r3 ★Routing ★Routes entered or redistributed manually should not be able to exceed 4096
6.1.0r3 ★VoIP ★239517.During a VoIP call that uses the H.323 protocol, if you change the mapped IP or virtual IP address assignments, subsequent calls lose the audio Child sessions that are required to provide audio are not established because the security device does not recognize a matching policy with the changed MIP or VIP assignments W/A: Create a policy similar to the one you had configured and add it to the global zone
6.1.0r3 ★VoIP ★240574.In standalone mode, if an alternative gatekeeper is initiated during a VoIP call, sessions do not age out immediately after the call endsIn HA mode, if an alternative gatekeeper is initiated during a VoIP call and there is a firewall HA recycle, sessions only age out after a long time
6.1.0r3 ★VoIP ★241465.If a phone tries to register while SIP is disabled, SIP sessions must be cleared once SIP is enabled After SIP is enabled and SIP sessions have been cleared, all phones that tried to register prior to SIP being enabled will need to be reset Failure to reset a SIP phone that attempted to register before SIP was enabled will result in that SIP phone being unable to place or receive calls
6.1.0r3 ★VoIP ★250319.The SIP functionality does not support a customized port, so a SIP call that uses custom ports might fail W/A: Use the default SIP port (5060)
6.1.0r3 ★VoIP ★261464.On NS 5400 devices, Media Gateway Control Protocol (MGCP) traffic performance drops significantly when the number of active calls exceeds 8000 The issue is the result of having sessions installed on both ASICs in the device rather than on only one as is the case with single-ASIC platforms
6.1.0r3 ★VPN ★240108.The security device does not allow a static DNS host entry to be removed if the hostname has been used in an IKE gateway configuration, even if the entry was entered in error or incorrectly and even if the IKE gateways had since been removed W/A: Reboot the device to clear the DNS entry Because the DNS entry is erroneous, rebooting will maintain the IKE configuration while clearing the mistaken DNS entry 241207.During IPSec SA rekeying, some packets may be dropped on the initiator side because the packet is received before the SA table is created Packets will only be dropped for a very short time There should not be any packets dropped after the SA table is installed
6.1.0r3 ★VPN ★253238.ScreenOS does not limit the number of GRE tunnels you can create This incorrectly allows you to create more GRE tunnels than are supported Errata This section lists outstanding issues with the documentation Deep Inspection (DI) DI for peer-to-peer (P2P) networking application is not supported The Concepts & Examples ScreenOS Reference Guide erroneously states DI supports the P2P networking application Limitations and Compatibility
登録:
コメントの投稿 (Atom)
0 件のコメント:
コメントを投稿