Erratum in Documentation for JUNOS Software Release 9.4 for SRX-series Services Gateways
This section lists outstanding issues with the documentation.
Attack Detection and Prevention
The default parameters documented in the firewall/NAT screen configuration options table in the JUNOS Software Security Configuration Guide and the J-Web online Help do not match the default parameters in the CLI. The correct default parameters are:
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
}
[edit security screen ids-option untrust-screen]
DLSw
- The JUNOS Software Interfaces and Routing Configuration Guide incorrectly states that the data link switching (DLSw) protocol is supported in this release. DLSw support ended in JUNOS Release 9.3.
Intrusion Detection and Prevention (IDP)
- In the JUNOS Software Security Configuration
Guide, the following information in the "Verifying the
Policy Compilation and Load Status" section is incorrect:
- The text does not indicate that the log file must be created first.
- The path for the log file is incorrect.
Note the following correct information:
- Create the log file first by entering set security idp traceoptions file idpd. You can then set flags by entering set security idp traceoptions flag all.
- The correct path for the idpd log file is
/var/log, not/var/db
Screens
The following guides contain incorrect screen configuration instructions:
- JUNOS Software Security Configuration Guide, “Attack Detection and Prevention” chapter
- JUNOS Software Design and Implementation Guide, “Implementing Firewall Deployments for Branch Offices” chapter
Related Topics
- New Features in JUNOS Software Release 9.4 for SRX-series Services Gateways
- Known Limitations in JUNOS Software Release 9.4 for SRX-series Services Gateways
- Issues in JUNOS Software Release 9.4 for SRX-series Services Gateways
- Unsupported CLI Statements and Commands in JUNOS Software Release 9.4 for SRX-series Services Gateways
