Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 18.1R1 for Juniper Sky ATP.

  • At this time, command and control URL feeds are not supported with SSL forward proxy.

  • After you change the revocation configuration of a CA profile, the change cannot be populated to the SSL-I's revocation check. We recommend you change the SSL-I configuration to enable or disable CRL checking instead of using a ca-profile configuration. [PR 1143462]

  • When in HA mode, if you disable and then reenable CRL checking of certificate validity, the system does not reenable CRL checking. You must reboot the SRX1500 Services Gateway before CRL checking is again enabled. [PR 1144280]

  • If you select the Permit action in the Configure > Email Management > SMTP window, e-mails with attachments are sent directly to the recipients while the attachments are sent to the cloud for analysis. If system constraints, such as memory issues, cloud connectivity issues, etc., occur while the attachment is sent to the cloud, the fallback condition is supposed to be used. However, in this case, the Permit action overrides the fallback action. For example, if your fallback condition is Block, the Permit action as configured in the Web GUI is used. [PR 1239650]

  • A file submission timeout can occur on the SRX Series device when the following conditions are present:

    • The advanced anti-malware service (AAMW) is enabled.

    • SMTP or SMTPS is configured in the AAMW policy.

    • The fallback action is permit.

    • Long network latency exists between the SRX Series device and the Juniper Sky ATP cloud service.

    Under these circumstances, the e-mail remains in the sender’s Outlook outbox and the recipient never receives the e-mail.

    As a workaround, try to resolve the long latency issue between the SRX Series device and the Juniper Sky ATP cloud service. If this is not possible, increase the server timeout setting in the recipient’s Outlook. [1254088]

  • When the AAMW service is enabled and SMTP inspection is configured in the AAMW policy, SMTP e-mails encoded with the uuencode mechanism cannot be decoded or identified and as such are not inspected by the Juniper Sky ATP cloud for malware. [1236721]

  • AAMW sessions will always use the AAMW parameters configured at the time the session was establishment. Configuration changes will not retroactively affect already established sessions. For example, a session established when the verdict threshold is 5 will always have 5 as the threshold even if the verdict threshold changes to other values during that session’s lifetime. [1270751]

  • When you select the Deliver malicious messages with warning headers added option, Juniper Sky ATP adds headers to e-mails that most mail servers will recognize and filter into spam or junk folders. However, there are some SMTP servers that do not recognize the added headers and may reject these e-mails. [1281987]

  • if UTM IMAP and AAMW IMAP are configured in the same policy, AAMW will not inspect the e-mail attachment. [1275002]

  • If you are upgrading from Junos 15.1X4 9-D110 or earlier and select the no validate option, the Network Security Daemon (NSD) may not function properly. This could result in other symptoms as follows:

    If you configure a block close http file in a security intelligence policy, for example,

    set services security-intelligence profile CC_SERVER rule Rule-2 then action block close http file secintel_default_page.html

    the system software validation might fail.

    As a workaround, it is suggested you deactivate the SecIntel service redirect configuration before upgrading from Junos 15.1X4 9-D110 or earlier.

    deactivate services security-intelligence profile CC_SERVER rule Rule-2 then action block close http


  • For certain actions for inspection profiles, the eicar.exe file is permitting instead of taking the configured actions. This applies to http and smtp. The inspection profile eicar.exe file is permitted instead of block for http and tag-and-deliver for smtp. [1317897-1]

Modified: 2018-05-16