This section lists the known issues in hardware and software in Junos OS Release 20.4R1 for Juniper ATP Cloud.
Starting in Junos OS Release 18.2R2, if the advanced-anti-malware configuration is enabled in a security policy in Block mode, the SMB network traffic throughput can decrease significantly. To avoid this, we recommend that you configure the policy application as HTTP, HTTPS, SMTP, SMTPS, IMAP, or IMAPS. [PR1515053]
Command-and-control (C&C) URL feeds are not supported with SSL forward proxy.
After you change the revocation configuration of a CA profile, the change is not propagated to the SSLi revocation check. To enable or disable CRL checking, change the SSLi configuration instead of the ca-profile configuration. [PR1143462]
For an SRX1500 device in chassis cluster mode, if you disable and re-enable certificate revocation list (CRL) checking of certificate validity, the system does not re-enable CRL checking. You must reboot the SRX1500 Services Gateway to re-enable CRL checking. [PR1144280]
If you select the Permit action in the Configure > Email Management > SMTP window, e-mails with attachments are sent directly to the recipients while the attachments are sent to the cloud for analysis. If system constraints such as memory issues and cloud connectivity issues occur while the attachment is sent to the cloud, the fallback condition is supposed to be used. However, the Permit action overrides the fallback action. For example, if your fallback condition is Block, the Permit action as configured in the Web GUI is used. [PR1239650]
A file submission timeout can occur on the SRX Series device when the following conditions are present:
The advanced anti-malware (AAMW) service is enabled.
SMTP or SMTPS is configured in the AAMW policy.
The fallback action is Permit.
Long network latency exists between the SRX Series device and the Juniper ATP Cloud service.
Under these circumstances, the e-mail remains in the sender’s outbox and the recipient never receives the e-mail.
As a workaround, try to resolve the long latency issue between the SRX Series device and the Juniper ATP Cloud service. If this is not possible, increase the server timeout setting in the recipient’s Outlook. [PR1254088]
When the AAMW service is enabled and SMTP inspection is configured in the AAMW policy, SMTP e-mails that are encoded with the uuencode mechanism cannot be decoded or identified, and are not inspected for malware by the Juniper ATP Cloud service. [PR1236721]
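A compensating check for the uuencode gap described above [PR1236721], as an added example that is not Juniper code: it flags messages that carry uuencoded content so a mail gateway or triage script can route them to another scanner. The function name, hit labels and sample messages are constructed for illustration.

```python
import binascii
import re
from email import message_from_bytes, policy

# "begin <octal mode> <filename>" opens a uuencoded block; a lone "end" closes it.
UU_BEGIN = re.compile(r"^begin ([0-7]{3,4}) (\S.*?)\s*$", re.MULTILINE)
UU_END = re.compile(r"^end\s*$", re.MULTILINE)
UU_CTES = {"uuencode", "x-uuencode", "uue", "x-uue"}


def find_uuencoded(raw: bytes) -> list[str]:
    """List uuencoded payloads in a raw RFC 5322 message, by how they were found."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.compat32).walk():
        if part.is_multipart():
            continue
        cte = (part.get("Content-Transfer-Encoding") or "").strip().lower()
        if cte in UU_CTES:  # MIME part that declares uuencode as its encoding
            hits.append(f"cte:{part.get_filename() or 'unnamed'}")
            continue
        # Undo base64/quoted-printable first so a wrapped uuencode block is still seen.
        text = (part.get_payload(decode=True) or b"").decode("latin-1")
        for m in UU_BEGIN.finditer(text):
            if UU_END.search(text, m.end()):  # require the closing line
                hits.append(f"inline:{m.group(2)}")
    return hits


# Constructed sample messages (not captured traffic).
UU_BLOCK = (b"begin 644 report.bin\r\n"
            + binascii.b2a_uu(b"constructed payload").rstrip(b"\n")
            + b"\r\n`\r\nend\r\n")
HEAD = b"From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
INLINE_MAIL = HEAD + b"\r\nSee attached.\r\n\r\n" + UU_BLOCK
CTE_MAIL = (HEAD
            + b'Content-Type: application/octet-stream; name="report.bin"\r\n'
            + b"Content-Transfer-Encoding: x-uuencode\r\n\r\n" + UU_BLOCK)
CLEAN_MAIL = HEAD + b"\r\nbegin the review at 644 Main St; it should end soon.\r\n"

if __name__ == "__main__":
    for name, raw in (("inline", INLINE_MAIL), ("cte", CTE_MAIL), ("clean", CLEAN_MAIL)):
        print(name, find_uuencoded(raw) or "no uuencoded content")
```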
AAMW sessions always use the AAMW parameters that were configured when the session was established. Configuration changes do not retroactively affect sessions that are already established. For example, a session that is established when the verdict threshold is 5 will always have 5 as the threshold even if the verdict threshold changes to other values during that session’s lifetime. [PR1270751]
When you select the Deliver malicious messages with warning headers added option, Juniper ATP Cloud adds headers to e-mails that most mail servers will recognize and filter into spam or junk folders. However, some SMTP servers do not recognize the added headers and might reject these e-mails. [PR1281987]
If UTM IMAP and AAMW IMAP are configured in the same policy, AAMW does not inspect the e-mail attachment. [PR1275002]
If you are upgrading from Junos 15.1X49-D110 or earlier, and you select the no validate option, the Network Security Daemon (NSD) might not function properly. This could result in other issues.
For instance, if you configure a block close http file in a security intelligence policy, the system software validation might fail. For example:
set services security-intelligence profile CC_SERVER rule Rule-2 then action block close http file secintel_default_page.html
As a workaround, deactivate the SecIntel service redirect configuration before upgrading from Junos 15.1X49-D110 or earlier:
deactivate services security-intelligence profile CC_SERVER rule Rule-2 then action block close http
For certain inspection profile actions, the eicar.exe file is permitted instead of the configured action being taken. This applies to HTTP and SMTP: the eicar.exe file is permitted instead of being blocked for HTTP, and instead of being handled with tag-and-deliver for SMTP. [PR1317897]