Hot Patch Releases
This section describes the installation procedure and resolved issues in Junos Space Security Director Release 23.1R1 hot patch.
During hot patch installation, the script performs the following operations:
- Blocks the device communication.
- Stops JBoss, JBoss Domain Controller (JBoss-dc), and jmp-watchdog services.
- Backs up existing configuration files and EAR files.
- Updates the Red Hat Package Manager (RPM) files.
- Restarts the watchdog process, which restarts JBoss and JBoss-dc services.
- Unblocks device communication after restarting the watchdog process for device load balancing.
Note: You must install the hot patch on Security Director Release 23.1R1 or on any previously installed hot patch. The hot patch installer backs up all the files which are modified or replaced during hot patch installation.
Installation Instructions
Perform the following steps in the CLI of the JBoss-VIP node only:
- Download the Security Director 23.1R1 Patch vX from the download site.
  Here, X is the hot patch version. For example, v1, v2, and so on.
- Copy the `SD23.1R1-hotpatch-vX.tgz` file to the `/home/admin` location of the VIP node.
- Verify the checksum of the hot patch for data integrity: `md5sum SD23.1R1-hotpatch-vX.tgz`
- Extract the `SD23.1R1-hotpatch-vX.tgz` file: `tar -zxvf SD23.1R1-hotpatch-vX.tgz`
  Note: For only Security Director 23.1R1 Hot Patch v7, extract the `SD23.1R1-hotpatch-v7.tgz` file: `tar -xvf SD23.1R1-hotpatch-v7.tgz`
- Change the directory to `SD23.1R1-hotpatch-vX`: `cd SD23.1R1-hotpatch-vX`
- Execute the `patchme.sh` script from the `SD23.1R1-hotpatch-vX` folder: `sh patchme.sh`
  The script detects whether the deployment is a standalone deployment or a cluster deployment and installs the patch accordingly.
  A marker file, `/etc/.SD23.1R1-hotpatch-vX`, is created with the list of Red Hat Package Manager (RPM) details in the hot patch.
We recommend that you install the latest available hot-patch version, which is the cumulative patch.
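The checksum, extraction and marker-file steps above can be scripted so that extraction is refused when a check fails. This is an added example, not Juniper's installer or code from the original page; it assumes the expected MD5 value is the one published with the download, that the archive stores its files under a top directory named after the archive, and the function names and the ROOT override are hypothetical. MD5 catches a corrupted download, not deliberate tampering.

```shell
#!/bin/sh
# Added example (not Juniper's script): pre-extraction checks for a hot patch archive.
# Assumption: the archive stores its files under a top directory named after the
# archive itself, e.g. SD23.1R1-hotpatch-vX/patchme.sh.

# verify_md5 ARCHIVE PUBLISHED_MD5: succeed only if the computed digest matches.
verify_md5() {
    [ -f "$1" ] || { echo "missing archive: $1" >&2; return 2; }
    actual=$(md5sum "$1" | awk '{print $1}')
    published=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hex
    [ "$actual" = "$published" ]
}

# archive_paths_safe ARCHIVE TOPDIR: succeed only if every member name starts with
# TOPDIR/ and has no ".." component. Names only; link targets are not inspected.
archive_paths_safe() {
    tar -tf "$1" 2>/dev/null | awk -F/ -v top="$2" '
        $1 != top { bad = 1 }
        { for (i = 2; i <= NF; i++) if ($i == "..") bad = 1 }
        END { exit (bad || NR == 0) }'   # an unreadable archive lists nothing: fail
}

# stage_patch ARCHIVE PUBLISHED_MD5 DESTDIR: extract only after both checks pass.
# GNU tar -xf detects compression itself, so it covers the -zxvf and -xvf cases.
stage_patch() {
    top=$(basename "$1" .tgz)
    verify_md5 "$1" "$2" || { echo "checksum mismatch: not extracting" >&2; return 1; }
    archive_paths_safe "$1" "$top" || { echo "unexpected member paths" >&2; return 1; }
    tar -xf "$1" -C "$3"
}

# patch_marker_present VERSION [ROOT]: after patchme.sh has run, the marker file
# /etc/.SD23.1R1-hotpatch-VERSION should exist. ROOT is a hypothetical override
# used for testing; it defaults to /etc.
patch_marker_present() {
    [ -f "${2:-/etc}/.SD23.1R1-hotpatch-$1" ]
}

# Usage: sh stage_hotpatch.sh ARCHIVE PUBLISHED_MD5 [DESTDIR]
if [ "$#" -ge 2 ]; then
    stage_patch "$1" "$2" "${3:-.}"
fi
```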
New and Enhanced Features in the Hot Patch
Junos Space Security Director Release 23.1R1 hot patch includes the following enhancements:
- Support for SRX2300—Starting in Junos Space Security Director Release 23.1R1 hot patch v3, we've provided support for SRX2300 Firewall.
- Support for SRX1600—Starting in Junos Space Security Director Release 23.1R1 hot patch v2, we've provided support for SRX1600 Firewall.
Supported Devices in the Hot Patch
Table 1 lists the devices supported in Security Director 23.1R1 Hot Patch Releases.
Supported Device | Hot Patch Release Version |
---|---|
SRX1600 | Junos Space Security Director 23.1R1 Hot Patch v2 |
SRX2300 | Junos Space Security Director 23.1R1 Hot Patch v3 |
Resolved Issues in the Hot Patches
Table 2 lists the resolved issues in Security Director Release 23.1R1 hot patch.
PR | Description | Hot Patch Version |
---|---|---|
| | The Application Visibility page does not show the exact number of applications in the Security Director GUI. | v7 |
| | The Application Visibility page takes longer than usual to display data in Security Director. | v7 |
| | UTM default configuration pushes extra configurations from Security Director. | v7 |
| | The user is unable to view UTM categories in Security Director GUI. | v7 |
| | The user is unable to fetch geo IP from PE; the progress bar is stuck at zero percent in Security Director. | v7 |
| | The Source Zone category under Web Filtering does not show any data in Security Director GUI. | v7 |
| | The user is unable to push multiple metadata-based policies in custom LSYS from Security Director. | v7 |
| | The user is unable to import the firewall policy in Security Director. | v7 |
| | When you try to publish a VPN job in Security Director, it fails with | v7 |
| | The user is unable to log in to Security Director with a system-generated password. | v7 |
| | Policy-based VPN is missing from the security policy rule. | v7 |
| | The user is unable to change the MTU (Maximum Transmission Unit) size from the Create Hub & Spoke (Establishment All Peers) VPN page in Security Director. | v7 |
| | When the user tries to select the source NAT pool in a sub domain, Security Director displays NAT pools across all sub domains in the drop-down list. | v7 |
| | Error while importing a variable using CSV in Security Director. | v7 |
| | The user is unable to download SummaryReport.zip file in Security Director, fails with | v7 |
| | Snapshot policy job takes longer than usual to complete after upgrading from Security Director Release 21.3R1 to Security Director Release 23.1R1. | v6 |
| | The configuration preview takes longer than usual to complete in Security Director. | v5 |
| | The user is unable to import the CSV file for variable objects in Security Director. | v5 |
| | The user is unable to preview, publish, and update a configuration in Security Director. The job fails with | v5 |
| | The user is unable to delete the details of users and roles from Security Director. | v5 |
| | The Rollback function is not working properly in Security Director. | v5 |
| | The Intrusion Detection and Prevention (IDP) policy update is successful, but the SRX series CLI failed due to a mismatch between node0 and node1 in the NSM-download file. | v5 |
| | The user is unable to upload the latest-space-update zip file to the IDP signature database offline. | v5 |
| | Firewall Policy preview fails when you upgrade from Security Director Release 21.3R1 to Security Director Release 23.1R1. | v5 |
| | IDP packet capture process fails to run on the JBoss VIP node. | v5 |
| | When the user tries to delete a security policy rule between two zones, Security Director generates two delete statements and the update fails. | v4 |
| | The user is unable to create a static route under Security Director 22.3R1.20 while using host/32. | v4 |
| | IP filter tab search is not working as expected. | v4 |
| | The user is unable to publish a policy. | v4 |
| | The user is unable to change the password from Security Director > My Profile > Change Password. | v4 |
PR1764858 | When the user selects the application session under the appvisibility page, Security Director redirects to the wrong filter under all events. | v3 |
PR1756160 | Devices missing from the UTM Install Category page. | v3 |
PR1755886 | During NAT policy import, Security Director creates an address object with value 0.0.0.0/0 and not any IPv4 addresses. | v3 |
PR1754759 | Security Director fails to search rule name for imported rules. | v3 |
PR1765982 | Security Director API fails to prevent creation of duplicate addresses. | v3 |
PR1771392 | The user is unable to add an extranet device without an IP address when creating a site-to-site IPSec VPN where the remote site has a dynamic IP address. | v3 |
PR1752533 | LC under Insights Nodes disappears after discovery. | v3 |
PR1724644 | Frequent syslog data parsing and circuit_breaking_exception error appears while fetching it via curl query. | v2 |
PR1751227 | Security Director is unable to get the policy hit count using the REST API. | v2 |
PR1741255 | The application visibility feature shows incorrect application data in Security Director. | v2 |
PR1754290 | VPN publishing jobs fail. | v2 |
PR1755392 | When you search for a policy in Security Director through the REST API, the source or destination address of the policy is not displayed. | v2 |
PR1732842 | The Pie chart is not displayed in the generated report because of the exceeding character limit in the URL. | v2 |
PR1737807 | When you try to preview the changes done to a policy before publishing, it fails with Calculating XML Edit Config error message. | v1 |
PR1737807 | Security Director deletes the routing options autonomous-system configuration, when you try to update the devices with IPsec VPN. | v1 |
PR1736563 | Security Director modifies the device setup by adding an additional set of VPN configurations. | v1 |
PR1735089 | Security Director deletes the configurations for the policy-based VPNs that do not get imported to Security Director. | v1 |
PR1727372 | The VPN Monitoring page does not load the data in Security Director Release 22.3R1. | v1 |
PR1698920 | Security Director shows invalid configuration in the update configuration preview. | v1 |
PR1744985 | After upgrading Security Director to 23.1R1 release, report generation fails with an error. | v1 |
PR1732842 | The Pie chart is not displayed in the generated report because of the exceeding character limit in the URL. | v1 |
PR1746082 | When you schedule a job to generate a report, it fails with exceptions. | v1 |
PR1741255 | The application visibility feature shows incorrect application data in Security Director. | v1 |
PR1728629 | The user is unable to sort the columns on the Logging Devices page in Security Director. | v1 |
PR1743599 | Security Director displays the Tunnel Status as UNKNOWN when the user tries to create a VPN through the GUI. | v1 |
If the hot patch contains a UI fix, then you must clear the Web browser’s cache to reflect the latest changes.
Known Issues in the Hot Patch
Junos Space Security Director Release 23.1R1 hot patch includes the following known issue:
The user is unable to update IPS Policy for multiple logical systems when one of the logical systems is configured with all-attack signature. The job fails with `Device is down` error message. PR1827871