Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 15.1X49-D100 for Sky ATP.

  • After you change the revocation configuration of a CA profile, the change cannot be populated to the SSL-I's revocation check. We recommend you change the SSL-I configuration to enable or disable CRL checking instead of using a ca-profile configuration. [PR 1143462]
  • When in HA mode, if you disable and then reenable CRL checking of certificate validity, the system does not reenable CRL checking. You must reboot the SRX1500 Services Gateway before CRL checking is again enabled. [PR 1144280]
  • If you select the Permit action in the Configure > Email Management > SMTP window, e-mails with attachments are sent directly to the recipients while the attachments are sent to the cloud for analysis. If system constraints, such as memory issues, cloud connectivity issues, etc., occur while the attachment is sent to the cloud, the fallback condition is supposed to be used. However, in this case, the Permit action overrides the fallback action. For example, if your fallback condition is Block, the Permit action as configured in the Web GUI is used. [PR 1239650]
  • A file submission timeout can occur on the SRX Series device when the following conditions are present:
    • The advanced anti-malware service (AAMW) is enabled.
    • SMTP or SMTPS is configured in the AAMW policy.
    • The fallback action is permit.
    • Long network latency exists between the SRX Series device and the Sky ATP cloud service.

    Under these circumstances, the e-mail remains in the sender’s Outlook outbox and the recipient never receives the e-mail.

    As a workaround, try to resolve the long latency issue between the SRX Series device and the Sky ATP cloud service. If this is not possible, increase the server timeout setting in the recipient’s Outlook. [1254088]

  • When the AAMW service is enabled and SMTP inspection is configured in the AAMW policy, SMTP e-mails encoded with the uuencode mechanism cannot be decoded or identified and as such are not inspected by the Sky ATP cloud for malware. [1236721]
  • There is a small chance that the AAMW daemon core dumps under the following conditions. The AAMW daemon will automatically recover.
    • The AAMW service is enabled on the SRX Series device.
    • The SRX Series device is enrolled with Sky ATP.
    • traceoption is enabled with either the flag daemon or flag all option (for example, set services advanced-anti-malware traceoptions flag daemon or set services advanced-anti-malware traceoptions flag all).
    • The user continues to commit configuration changes in AAMW. [1261881]
  • AAMW sessions will always use the AAMW parameters configured at the time the session was establishment. Configuration changes will not retroactively affect already established sessions. For example, a session established when the verdict threshold is 5 will always have 5 as the threshold even if the verdict threshold changes to other values during that session’s lifetime. [1270751]
  • When you select the Deliver malicious messages with warning headers added option, Sky ATP adds headers to e-mails that most mail servers will recognize and filter into spam or junk folders. However, there are some SMTP servers that do not recognize the added headers and may reject these e-mails. [1281987]

Modified: 2017-06-28