Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Hot Patch Releases

This section describes the installation procedure, features, and resolved issues in Junos Space Security Director Release 22.2R1 hot patch.

During hot patch installation, the script performs the following operations:

  • Blocks the device communication.

  • Stops JBoss, JBoss Domain Controller (JBoss-dc), and jmp-watchdog services.

  • Backs up existing configuration files and EAR files.

  • Updates the Red Hat Package Manager (RPM) files.

  • Restarts the watchdog process, which restarts JBoss and JBoss-dc services.

  • Unblocks device communication after restarting the watchdog process for device load balancing.

Note:

You must install the hot patch on Security Director Release 22.2R1 or on any previously installed hot patch. The hot patch installer backs up all the files which are modified or replaced during hot patch installation.

Installation Instructions

Perform the following steps in the CLI of the JBoss-VIP node only:

  1. Download the Security Director 22.2R1 Patch vX from the download site.

    Here, X is the hot patch version. For example, v1, v2, and so on.

  2. Copy the SD22.2R1-hotpatch-vX.tgz file to the /home/admin location of the VIP node.

  3. Verify the checksum of the hot patch for data integrity:

    md5sum SD22.2R1-hotpatch-vX.tgz.

  4. Extract the SD22.2R1-hotptach-vX.tgz file:

    tar -zxvf SD22.2R1-hotpatch-vX.tgz

  5. Change the directory to SD22.2R1-hotpatch-vX.

    cd SD22.2R1-hotpatch-vX

  6. Execute the patchme.sh script from the SD22.2R1-hotpatch-vX folder:

    sh patchme.sh

    The script detects whether the deployment is a standalone deployment or a cluster deployment and installs the patch accordingly.

A marker file, /etc/.SD22.2R1-hotpatch-vX, is created with the list of Red-hat Package Manager (RPM) details in the hot patch.

Note:

We recommend that you install the latest available hot-patch version, which is the cumulative patch.

Resolved Issues in the Hot Patches

lists the resolved issues in the Security Director Release 22.2R1 hot patch.

Table 1: Resolved Issues in the Hot Patch

PR

Description

Hot Patch Version

PR1786519

Device update fails with statement not found error while trying to delete the only rule from the rule group.

V5

PR1763709

User is unable to publish a policy from Security Director.

V4

PR1748252

Unable to import firewall rule in Security Director if the rule has DAG with missing category.

V3

PR1745412

Configuration for the address object in the SSL proxy associated with the firewall rule is missing.

V3

PR1744985

After upgrading Security Director to 23.1R1 release, report generation fails with an error.

V3

PR1743599

Security Director displays the Tunnel Status as UNKNOWN when user tries to create a VPN through the GUI.

V3

PR1742002

When you try to preview the changes done to a policy before publishing, it fails with Calculating XML Edit Config error message.

V3

PR1736563

Security Director modifies the device setup by adding an additional set of VPN configurations.

V3

PR1731271

Security Director API displays internal server error during policy edit if the policy is locked.

V3

PR1728651

User is unable to import the group policies through zip file and snapshot roll back policy feature in Security Director.

V3

PR1728629

User is unable to sort the columns on the Logging Devices page in Security Director.

V3

PR1727372

The VPN Monitoring page does not load the data in Security Director Release 22.3R1.

V3

PR1723715

Save Comments does not work after upgrade to Security Director 22.3.

V3

PR1722324

Security Director is unable to import Firewall policy in SRX4200.

V3

PR1722117

Application visibility logs for the last eight hours and earlier are missing from the system.

V3

PR1716107

Security Director requires daily re-indexing for the search functionality to work properly.

V3

PR1701645

SRX series devices do not show any data in the Intrusion Prevention System (IPS) report with log event IDP_ATTACK_LOG_EVENT_LS.

V3

PR1698920

Security Director shows invalid configuration in the update configuration preview.

V3

PR1659212

The search functionality in Security Director does not work properly when you search by port number.

V3

PR1746987

The VPN monitoring process hangs continuously, resulting in pile-ups.

V3

PR1735089

Security Director deletes the configurations for the policy-based VPNs that do not get imported to Security Director.

V3

PR1653054

The Auto Policy Sync in Security Director does not work.

V3

PR1754290

VPN publishing jobs fail.

V3

PR1741484

User is unable to change the local password from the Security Director GUI, My Profile > Change Password.

V3

PR1734133

When user performs snapshot rollback policy, Security Director creates a duplicate default IPS policy.

V3

PR1664682

Geographical location report shows incorrect data in Security Director.

V2

PR1667530

The global search and column search functionalities do not work accurately in Security Director.

V2

PR1698572

Security director displays An error occurred while requesting the data error message while importing configuration from SRX4100 device.

V2

PR1702216

The application visibility feature does not show the log data for last eight hours and earlier.

V2

PR1709345

The Maximum Transmission Unit (MTU) is not visible during the edit workflow, when provided as default.

V2

PR1714846

When you add a new address to the address group, the GUI removes all the existing objects from the group.

V2

PR1568417

In Security Director, Security Director Insights shows the log source as 127.0.0.1 for all logs rather than the SRX IP address or the actual source from where the logs are originated.

V1

PR1613930

The user is unable to edit the Policy-based VPN name or description in Security Director.

V1

PR1653687

Security Director does not display the correct time-zone when you change the time-zone using modify configuration.

V1

PR1662267

The search functionality in Security Director does not work for newly configured rules.

V1

PR1674701

The Security Director log filter does not work as expected for a particular timeframe.

V1

PR1676755

Security Director fails to import the security policies with the object address 0.0.0.0/0.

V1

PR1679106

Security Director updates the database with incorrect cyclic service group.

V1

PR1681035

There are issues with VPN profiles authentication algorithm after you upgrade Security Director.

V1

PR1683144

The search and find usage functionality in Security Director does not work as expected.

V1

PR1683173

When the user configures a new IPsec VPN profile for route-based Hub and Spoke using the manual pre-shared key option, the output is set to multiple security IKE policies instead of only one security IKE policy.

V1

PR1687371

Security Director deletes the NAT and security intelligence settings from SRX Series Firewalls when the user uses DMI schema 22.1R1.10.

V1

PR1689302

Address object import from a CSV file fails.

V1

PR1689483

The search functionality in Security Director does not work for newly created address objects.

V1

PR1689638

When you view device changes, Security Director displays the Managed status as Device Changed for several devices.

V1

PR1691539

Security Director fails to import the policies using zip file.

V1

PR1694161

Security Director updates multiple policies even when you select only one policy for update.

V1

PR1695528

Intrusion Detection and Prevention (IDP) signature continues to install the updates on SRX Series devices from IDP files even when the file transfer fails.

V1

PR1698840

Update to the Logical System (LSYS) fail at times in Security Director.

V1

PR1700163

User is unable to change the destination address for static NAT rules in Security Director.

V1

PR1701008

When you change the sequence of three or more set of rules in the Security Director, the changed order does not appear correctly after saving the changes.

V1

PR1703135

User is unable to search for an object in Security Director even when the objects exist in Shared Objects.

V1

PR1709403

Security Director fails to import the policy zip files with more than 20000 rules.

V1

PR1701645

SRX series devices do not show any data in the Intrusion Prevention System (IPS) report with log event IDP_ATTACK_LOG_EVENT_LS.

V1

PR1707744

When you try to preview, publish, or update configuration in Security Director, it fails with an error.

V1

PR1710418

Security Director fails to publish the SRX series cluster policy with UTM is not available in the device error message.

V1

Note:

If the hot patch contains a UI fix, then you must clear the Web browser’s cache to reflect the latest changes.