Juniper Networks 5400 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Juniper Networks 5400. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Juniper Networks 5400 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Juniper Networks 5400 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Juniper Networks 5400, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Juniper Networks 5400 debe contener:
- información acerca de las especificaciones técnicas del dispositivo Juniper Networks 5400
- nombre de fabricante y año de fabricación del dispositivo Juniper Networks 5400
- condiciones de uso, configuración y mantenimiento del dispositivo Juniper Networks 5400
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Juniper Networks 5400 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Juniper Networks 5400 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Juniper Networks en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Juniper Networks 5400, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Juniper Networks 5400, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Juniper Networks 5400. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 1 of 42 Juniper Networks NetScreen Release Notes Product: Juniper NetS creen-5XT, Juniper NetScreen-204, Juniper NetScreen-208, Juniper NetScreen -500, Juniper NetScreen-5200, Juniper NetScreen-5400 Version: ScreenOS 5.0.0r9-FIPS Release Status: Private Part Number: 093-1638-000, Rev. A Date: 6-01[...]

  • Página 2

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 2 of 42 5. Known Issues o n page 29 5.1 Limitation s of Features in ScreenOS 5.0.0 on page 29 5.2 Compatibility Issues in ScreenOS 5.0.0 on page 30 5.2.1 Upgrade Paths from P revious Releases on page 31 5.3 Known Issues in Scre enOS 5.0.0 o n page 32 5.3.[...]

  • Página 3

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 3 of 42 Refer to the following table to understan d what ScreenOS v ersions map to w hich product. 2. New Features and Enhancements The following sections detail new featur es and enhancements in ScreenOS 5.0.0 releases. For a complete list and descriptio[...]

  • Página 4

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 4 of 42 According to Trend Micro, the categories of viruses bypassed include HTML and Javascript. However, the subset o f the bypassed viruses can be described as the following: Javascript/Jscript/HTML embedded in HTML code (having HTTP content type of te[...]

  • Página 5

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 5 of 42 3. Changes to Default Behavior There are numerous changes in default behavior. For detailed information on changes to default behavior in ScreenOS 5.0.0, refer to the Juniper Networks NetScreen ScreenOS Migration Guide . Specific changes in defaul[...]

  • Página 6

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 6 of 42 • 03537 – The device failed when it incorrectly sent the DHCPDISCOVER packet out in the callback function. • 03528 – The subscription key retrieval oper ation worked only intermittently because the device did not cl ose the SSL socket prop[...]

  • Página 7

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 7 of 42 • 03358 – A very long URL entry when y o u attempt to perform URL filtering sometimes caused th e device to fail. • 03356 – The Phase 2 rekey sometimes fail ed after the Phase 1 expired when you used Kbytes as the criteria to trigger a Pha[...]

  • Página 8

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 8 of 42 • 03269 – The Juniper Net Screen-5GT incorre ctly autonegotiat ed to 10MBps half duplex after it had initi ally set itself to 10MBps full duplex. • 03267 – The anti-virus feature had a problem handling the HTTP packets because a web serve [...]

  • Página 9

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 9 of 42 • 03132 – When using Juniper NetScreen- Remote to connect to a Juniper NetScreen-500 dial-up VPN usin g the WebUI, the IKE Gateway Configuratio n displays as user instead of user-g roup . • 03128 – Mistakes occurred with (MIP) Mapp ed IP t[...]

  • Página 10

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 10 of 42 • 02986 – SSHv2 with RADIUS auth entication failed to authenticate external users properly. • 02985/02996 – The Juniper NetScreen-5000 Se ries systems sometimes failed from memory corruption due to kernel locking. • 02975 – While perf[...]

  • Página 11

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 11 of 42 • 02867 – If the DHCP relay se rver is set with an IP address, the dev ice incorrectly attempted to resolve the IP address with the host name even though there was no hostname. • 02861 – IP swapping issues occ urred on the Juniper NetScre[...]

  • Página 12

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 12 of 42 • 02580 – When you created a new custom service, and then confi gured a VPN using IKE, the Proxy ID setting in the VPN Autokey IKE configuration incorrectly defaults to the n ew custom se rvice, and n ot the ANY se rvice. • 02555 – The sy[...]

  • Página 13

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 13 of 42 • 01998 – You could n ot save the set console aux disable command into the device config uration. • 01739 – Ping oper ations would not work if fast agi ng out of MAC addresses did not occur when a PC migrated from one Juniper NetScreen-5G[...]

  • Página 14

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 14 of 42 whenever the device restarts and does not effect the normal operation of the device. • 36473 – Restarting a Juniper Networks secu rity appliance while it was performing an operatio n in flash some times damaged the data on the device and caus[...]

  • Página 15

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 15 of 42 • 02926 – The number of syslog messages sent per second from the Juniper Networks security applia nce were being limite d by an in ternal process. • 02924 – SMTP (Simple Mail Transfer Prot ocol) queued emai ls on Microsoft Outlook 2003 cl[...]

  • Página 16

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 16 of 42 • 02822 – The DHCP utility did not work on one of the redundant interfaces on a device. The interface did not appe ar in the DHCP environment in the WebUI. • 02814 – The SNMP interface in dex values were inconsistent through the SNMP tree[...]

  • Página 17

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 17 of 42 • 02709 – When you set a manual VPN auth entication setting to NULL on a Juniper Networks security appliance, th e device failed because a Null length is invalid. • 02707 – When performing an anti-virus scan on a Juni per NetScreen-5GT de[...]

  • Página 18

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 18 of 42 • 02655 – The event log timesta mp changed to Daylight Savings Time (DST) even though DST was not enabled. • 02642 – After configuring SCREEN setting threshol ds on a device usi ng the WebUI or CLI, the get config | include < screen_se[...]

  • Página 19

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 19 of 42 • 02551 – An NSRP backup devic e indicated that a failov er occurred continuously when no failure on the primary device occurred. • 02543 – A device rebooted because of an improperly processed checksum. • 02542 – When upgra ding a Jun[...]

  • Página 20

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 20 of 42 • 02333 – When a device att empted to bloc k files with a .exe extension, it incorrectly block ed files with .zi p extension s. • 02326 – A device incorrectly created sessi ons if the IP address had a unicast destination while the destina[...]

  • Página 21

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 21 of 42 4.3 Addressed Issues from ScreenOS 5.0.0r7 Manufacturing-only release. 4.4 Addressed Issues from ScreenOS 5.0.0r6 • 38268 – A J uniper Networks security applia nce running a BGP peer vi rtual routing instance cannot use an MD5 type password w[...]

  • Página 22

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 22 of 42 • 02384 – The device failed if you connecte d an Ethernet cable to the untrust interface in the v1-untrust zone w hil e the device was in transparent mode. • 02383 – Under some circumstances, the OSPF routing instance could not build an a[...]

  • Página 23

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 23 of 42 • 02272 – HTTP and HTTPS packets passe d through VPN tunnels more slowly than expected, sometimes to th e point of timing out and causing the device to continually retransmit the pac kets. • 02250 – The device sometimes generated an error[...]

  • Página 24

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 24 of 42 • 37069 – The configuration wizard option in the WebUI that enables you to skip the wizard screens was not present on the initial wizard screen. This option enables you to go directly to the WebUI login wi ndow to enter the device to manage i[...]

  • Página 25

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 25 of 42 • 02134 – When a policy specified a service that conta ined the same ranges for both the source port and destin ation port, traffic associated with other services with the same port ranges ma tched the conditions of t he policy and the policy[...]

  • Página 26

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 26 of 42 discrepancy, you had to read the text de scription of the trap type to identify it. Now you can refer to the trap type value to identify it. For e xample, the traditional SNMP trap type value for a Cold Start event is 0. Please check the ScreenOS[...]

  • Página 27

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 27 of 42 • 01985 – You could not schedule a policy using the WebUI. • 01970 – Under cert ain circumstances, th e Juniper Networks security appliance did not send email alert s. • 01943 – When the DH CP payload (i nformati on included with the [...]

  • Página 28

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 28 of 42 • 36717 – When upgrading to ScreenOS 5.0.0, the maxi mum number of address groups allowed for Layer2 predefined zones incorrectl y got set to the same number as for custom zones. As a result, if the numbe r of address groups in Layer2 predefi[...]

  • Página 29

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 29 of 42 • 01958 – An internal mishandling of the MAC cache could ca use a security appliance to crash . • 01944 – The group addresses for V1-untrust zone were getting lost after upgrading a device from a previo us rele ase. The group address for [...]

  • Página 30

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 30 of 42 • SSH Version 1 Interoperability – The embedded SSH server in ScreenOS 5.0.0 has issues wi th the client fr om SSH Communications Security when operating in SSH version 1 mode. W/A: Use SSH version 2 or a different SSH version 1 client, such [...]

  • Página 31

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 31 of 42 – Freeswan - The Freeswan 1.3 VPN client is incompat ible with ScreenOS 5.0.0 in certain co nfigurations due to IKE feature s that Freeswan doe s not fully support . The result is tha t Phase 2 negot iations and Phase 2 SA will not complete if [...]

  • Página 32

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 32 of 42 Juniper NetScreen- 5000 series only : Before you upgrade a Jun iper Networks security applia nce to ScreenOS 5.0.0, we recommend that you verify the amount of memory on the device us ing the get system CLI command. You ne ed 1 gigaby te of memory[...]

  • Página 33

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 33 of 42 • 03504 – The value of the sysUpTime variable from an SNMP query incorrectly displays as more than 497 da ys. • 03495 – When the dev ice drops packets after you issued the set f low tcp- syn-check command, ScreenOS does no t log the drop [...]

  • Página 34

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 34 of 42 W/A: Execute the save command first, be fore executing the save config from flash to slot1 command. 5.3.3 Known Issues from ScreenOS 5.0.0r7 None. 5.3.4 Known Issues from ScreenOS 5.0.0r6 None. 5.3.5 Known Issues from ScreenOS 5.0.0r5 None. 5.3.6[...]

  • Página 35

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 35 of 42 5.3.7 K nown Issues from Scre enOS 5.0.0r3 for the 5000-M2 • 38001 – When you run the get sessi on command, ScreenOS sometimes displays the policy ID n umber incorre ctly as a negative nu mber. • 37993 – When enabled on a Juniper NetScree[...]

  • Página 36

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 36 of 42 • 36807, 36876 – When a 10 0Mbps link between a Juniper NetScreen-5 000 Series system and another device reve rts to a 10Mbps throughpu t level on the other device, the Juni per NetScreen-5000 Series system remains at the 100Mbps throughput l[...]

  • Página 37

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 37 of 42 exceeds the maximum number of routes permitted on a single page, all subsequent pages display the routes from the first page. • 35417 - If you set the guaranteed or maximum bandwidth (GBW or MBW) higher than the interface bandwidth , traffic do[...]

  • Página 38

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 38 of 42 displays only when you issue a ‘get event' CLI command, and not when you issue a 'g et log event' CLI command. • 33916 - A Juniper Networks securit y appliance supports a maximum of 256 OSPF interfaces. • 33598 - For inter-vs[...]

  • Página 39

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 39 of 42 number to the same port number as th e original destination port. This does not affect traffic. • 30844 - When AV is enabled, you cannot down load files to the Juniper Networks security appliance through a VPN using the WebUI. W/A: Specify a pe[...]

  • Página 40

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 40 of 42 • 28138 - The Websense server provides erroneous protocol version information, which the J uniper Netw orks security appliance displays. • 28016 - Juniper Networks secu rity appliances do not support a MIP in the same zone as the destination [...]

  • Página 41

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 41 of 42 6. Getting Help For further assistance with Ju niper Netwo rks products, visit www.juniper.n et/support Juniper Networks occasionally provides maintenance releases (updates and upgrades) for ScreenOS firm ware. To have access to these releases, y[...]

  • Página 42

    Junipe r Networks NetScreen Release No tes ScreenOS 5.0.0r9-FIPS P/N 093-1638-000, Rev. A Page 42 of 42[...]