Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Documentation Updates

This section lists the errata and changes in Junos OS Release 12.1X46 documentation.

Documentation Updates for the Junos OS Software Documentation

This section lists improvements and outstanding issues with the software documentation.

Junos OS for SRX Series Documentation

• (New) The Complete Software Guide consolidates all of the release-specific content that applies to Junos OS for SRX Series devices (except release notes) into a three volume set of PDFs that you can download and view offline. The first volume contains getting started and administration information; the second contains feature information; the third contains developer information. You can find the PDFs in the Downloads box on the right side of the Junos OS for SRX Series Services Gateways, Release 15.1X49-D70 index page.
• (New) The Getting Started Guide for Branch SRX Series describes how to get up and running with branch SRX Series devices.
• (Expanded) The Monitoring and Troubleshooting for Security Devices contains significantly more content to help network and security managers keep their SRX Series devices running smoothly in their production environments.
• (Expanded) The Junos OS for SRX Series Services Gateways, Release 15.1X49-D70 index page has been expanded to serve as a “one stop shop” for all of your Junos OS for SRX Series technical documentation needs.

Junos OS Release Notes

In Junos OS 12.1X46-D10 Release Notes and Junos OS 12.X46-D15 Maintenance Release Notes, the SCCP ALG feature description has the following incorrect information:

Support for SCCP v20—This feature is supported on all SRX Series devices.

Starting in Junos OS Release 12.1X46-D10, the SCCP ALG supports version 20. In SCCP v20, several SCCP messages have been updated with a new format.

The correct information is as follows:

Support for SCCP v20—This feature is supported on all SRX Series devices. Starting in Junos OS Release 12.1X46-D10, the SCCP ALG supports SCCP versions 16, 17, and 20 and several SCCP messages have been updated with a new format. Cisco Call Manager (CM) version 7 uses SCCP version 20.

Administration Guide for Security Devices

• Under the Configuration tab, the “Minimum DHCP Local Server Configuration” topic has been updated to replace the pool name and group name with more appropriate names. The text should read as follows:
  [edit access]

  address-assignment { pool acmenetwork family inet { network 192.168.1.0/24; }}
  [edit system services]

  dhcp-local-server { group mobileusers { interface ge-1/0/1.0 }}
  [edit interfaces ge-1/0/1 unit 0]

  family { inet { address 192.168.1.1/24 }}

BGP Feature Guide for Security Devices

• In “Example: Configuring Route Authentication for BGP,” the following configuration steps in the CLI quick configuration and in the step-by-step procedure sections are not supported on SRX Series devices:

  set security authentication-key-chains key-chain bgp-auth tolerance 30
  set security authentication-key-chains key-chain bgp-auth key 0 secret this-is-the-secret-password
  set security authentication-key-chains key-chain bgp-auth key 0 start-time 2011-6-23.20:19:33-0700
  set security authentication-key-chains key-chain bgp-auth key 1 secret this-is-another-secret-password
  set security authentication-key-chains key-chain bgp-auth key 1 start-time 2012-6-23.20:19:33-0700
  

Chassis Cluster Feature Guide for Security Devices

• Under the Configuration tab, in the Example: Configuring an SRX Series Services Gateway for the Branch as a Chassis Cluster, there is a correction in Table 2: SRX Series Services Gateways fxp0 and fxp1 Interfaces Mapping. For the SRX210, the fxp0 Interface should not be ge-0/0/0; it should be fe-0/0/6.
• The set chassis cluster cluster-id cluster-id node node rebootoperational mode command is missing from the Administration tab. This operational mode command sets the chassis cluster identifier (ID) and node ID on each device, and reboots the devices to enable clustering. This command has two options: cluster-id cluster-id (0 through 255) and node node (0 or 1). The system uses the chassis cluster ID and chassis cluster node ID to apply the correct configuration for each node (for example, when you use the apply-groups command to configure the chassis cluster management interface). The chassis cluster ID and node ID statements are written to the EPROM, and the statements take effect when the system is rebooted. Setting a cluster ID to 0 is equivalent to disabling a cluster. Support for extended cluster identifiers (more than 15 identifiers) added in Junos OS Release 12.1X46-D10. A cluster ID greater than 15 can only be set when the fabric and control link interfaces are connected back-to-back. The command has the following privilege level: maintenance.

  If you have a cluster set up and running with an earlier release of Junos OS, you can upgrade to Junos OS Release 12.1X46-D10 or later and re-create a cluster with cluster IDs greater than 16. If for any reason you decide to revert to the previous version of Junos OS that did not support extended cluster IDs, the system comes up with standalone devices after you reboot. If the cluster ID set is less than 16 and you roll back to a previous release, the system comes back with the previous setup.

Interfaces and Routing

• The “Example: Configuring a Serial Interface” of the “Modem Interfaces” guide provides the following incorrect output sample for the show interfaces se-1/0/0 command:
  encapsulation ppp;

  unit 0 {amily inet {amily inet;}}

  The correct output sample is:

  encapsulation ppp;

  unit 0 {family inet {address 10.10.10.10/24;}}

J Series Services Router Advanced WAN Access Configuration Guide

• The example given in the “Configuring Full-Cone NAT” section in the guide available at https://www.juniper.net/techpubs/software/jseries/junos85/index.html is incorrect. The correct and updated example is given in the revised guide available at https://www.juniper.net/techpubs/software/jseries/junos90) .

J2320, J2350, J4350, and J6350 Services Router Getting Started Guide

• The “Connecting to the CLI Locally” section states that the required adapter type is DB-9 female to DB-25 male. This is incorrect; the correct adapter type is DB-9 male to DB-25 male.

J-Web

• J-Web Security Package Update Help page—This Help page does not contain information about the download status.
• J-Web pages for stateless firewall filters—There is no documentation describing the J-Web pages for stateless firewall filters. To find these pages in J-Web, go to Configure>Security>Firewall Filters, and then select IPv4 Firewall Filters or IPv6 Firewall Filters. After configuring the filters, select Assign to Interfaces to assign your configured filters to interfaces.

Junos OS CLI User Guide

• In the log-prefix topic, SRX Series is missing from the list of supported platforms and release information.

Modem Interfaces Feature Guide for Security Devices

• The Example: Configuring the 3G Wireless Modem Interface in Modem Interfaces Guide provides the following incorrect information for configuring a dialer filter for the 3G wireless modem interface:
  • user@host# set firewall family inet dialer-filter corporate-traffic-only term term1 from source-address 20.20.90.4/32
  • user@host# set firewall family inet dialer-filter corporate-traffic-only term term1 from destination-address 200.200.201.1/32
  • user@host# set firewall family inet dialer-filter corporate-traffic-only term term1 then note

  The following incorrect configuration output is included:

  [edit]user@host# show firewall family inet dialer-filter corporate-traffic-only

  term term1 { from { source-address {20.20.90.4/32;}destination-address {200.200.201.1/32;}}then note;}

  The correct configuration is:

  user@host# set firewall family inet dialer-filter corporate-traffic-only term term1 then note

  The following configuration is output from the correct configuration:

  [edit]user@host# show firewall

  family inet { dialer-filter corporate-traffic-only {term term-1 {then note;}}}

Multicast Feature Guide for Security Devices

• Multicast Source Discovery Protocol (MSDP) is not supported on SRX Series devices in any type of custom routing instance.

Network Address Translation

The command show security nat source persistent-nat-table under Network Address Translation > Administration > Source NAT operational commands has the following errors:

• The command is missing the summary option—Display persistent NAT bindings summary.
• The command contains incomplete sample output—The corrected sample output is as follows:

   
Internal                        Reflective        Source     Type         Left_time/  Curr_Sess_Num/ Source
 In_IP  In_Port I_Proto Ref_IP    Ref_Port R_Proto NAT Pool                Conf_time   Max_Sess_Num  NAT Rule
9.9.9.1  60784   udp  66.66.66.68  60784     udp   dynamic-customer-source any-remote-host  254/300  0/30 105

 Internal             Reflective                  Source     Type          Left_time/  Curr_Sess_Num/  Source
 In_IP     In_Port I_Proto Ref_IP       Ref_Port R_Proto NAT Pool                    Conf_time   Max_Sess_Num    NAT Rule
9.9.9.1    63893   tcp    66.66.66.68   63893     tcp    dynamic-customer-source any-remote-host  192/300   0/30 105
9.9.9.1    64014   udp    66.66.66.68   64014     udp    dynamic-customer-source any-remote-host  244/300   0/30 105
9.9.9.1    60784   udp    66.66.66.68   60784     udp    dynamic-customer-source any-remote-host  254/300   0/30 105
9.9.9.1    57022   udp    66.66.66.68   57022     udp    dynamic-customer-source any-remote-host  264/300   0/30 105
9.9.9.1    53009   udp    66.66.66.68   53009     udp    dynamic-customer-source any-remote-host  268/300   0/30 105
9.9.9.1    49225   udp    66.66.66.68   49225     udp    dynamic-customer-source any-remote-host  272/300   0/30 105
9.9.9.1    52150   udp    66.66.66.68   52150     udp    dynamic-customer-source any-remote-host  274/300   0/30 105
9.9.9.1    59770   udp    66.66.66.68   59770     udp    dynamic-customer-source any-remote-host  278/300   0/30 105
9.9.9.1    61497   udp    66.66.66.68   61497     udp    dynamic-customer-source any-remote-host  282/300   0/30 105
9.9.9.1    56843   udp    66.66.66.68   56843     udp    dynamic-customer-source any-remote-host    -/300   1/30 105

Persistent NAT Table Statistics on FPC5 PIC0:
binding total : 65536 
binding in use : 0
enode total : 524288
enode in use : 0
    

Routing Protocols Overview for Security Devices

• The default route preference value in the “Understanding Route Preference Values” topic for Static and Static LSPs lists the values incorrectly. The correct values are as follows:

  How Route Is Learned	Default Preference
  Static	5
  Static LSPs	6

Security Policy Applications Feature Guide for Security Devices

• The show security policies command output description is missing the definition for the following Policy statistics fields:
  • Output packets—The total number of packets actually processed by the device.
  • Session rate—The total number of active and deleted sessions.
• On the Overview tab, under IP-Related Predefined Policy Applications, in the topic entitled “Understanding IP-Related Predefined Policy Applications,” the Port column for both TCP-ANY and UDP-ANY should indicate 0-65535. The lead-in sentence should read, “Each entry includes the port and a description of the application.” TCP-ANY means any application that is using TCP, so there is no default port for it. The same is true for UDP-ANY.
• In the topic entitled “Understanding Miscellaneous Predefined Policy Applications,” table “Predefined Miscellaneous Applications” is incomplete. Under the RADIUS row, add a new row:

  Table 6: Predefined Miscellaneous Applications

  Application	Port	Description
  RADIUS Accounting	1813	Enables the collecting of statistical data about users logging in to or out from a LAN and sending the data to a RADIUS Accounting server.

  In table “Predefined Miscellaneous Applications” replace the IPsec-NAT row with the following:

  Table 7: Predefined Miscellaneous Applications

  Application	Port	Description
  IKE	500	Internet Key Exchange is the protocol that sets up a security association in the IPsec protocol suite.
  IKE-NAT	4500	Helps to perform Layer 3 NAT for S2C IKE traffic.

  Application	Port	Description
  VoIP	389	Internet Locator Service (ILS)
  	522	User Location Service (ULS)
  	1503	T.120 Data sharing
  	1719	H.225 RAS message
  	1720	Q.931 Call Setup
  	1731	Audio Call Control
  	5060	SIP protocol

Various Guides

• Some Junos OS user, reference, and configuration guides—for example the Junos Software Routing Protocols Configuration Guide, Junos OS CLI User Guide, and Junos OS System Basics Configuration Guide—mistakenly do not indicate SRX Series device support in the “Supported Platforms” list and other related support information; however, many of those documented Junos OS features are supported on SRX Series devices. For full, confirmed support information about SRX Series devices, please refer to Feature Explorer: http://pathfinder.juniper.net/feature-explorer/select-software.html?swName=Junos+OS&typ=1.

WLAN Feature Guide for Security Devices

• This guide is missing information that the AX411 Access Point can be managed from SRX100 and SRX110 devices.
• This guide is missing the information that on all branch SRX Series devices, managing AX411 WLAN Access Points through a Layer 3 Aggregated Ethernet (ae) interface is not supported.

Documentation Updates for the Junos OS Hardware Documentation

This section lists outstanding issues with the hardware documentation.

J Series Services Routers Hardware Guide

• The procedure “Installing a DRAM Module” omits the following condition:

  All DRAM modules installed in the router must be the same size (in megabytes), type, and manufacturer. The router might not work properly when DRAM modules of different sizes, types, or manufacturer are installed.

• This guide incorrectly states that only the J2350 Services Router complies with NEBS criteria. It should state that the J2350, J4350, and J6350 routers comply with NEBS criteria.
• This guide is missing information about 100Base-LX connector support for 1-port and 6-port Gigabit Ethernet uPIMs.

SRX Series Services Gateways for the Branch Physical Interface Modules Hardware Guide

• This guide incorrectly documents that slot 3 of the SRX550 Services Gateway can be used to install GPIMs. The correct information is:
  • In Table 10: “SRX Series Services Gateway Interface Port Number Examples”, for 2-Port 10 Gigabit Ethernet XPIM, you can install the XPIM only in slot 6 of the SRX550 Services Gateway.
  • In Table 44: “Slots for 20-Gigabit GPIMs, for 20-Gigabit GPIM slots”, you can install the GPIM only in slot 6 of the SRX550 Services Gateway.

SRX100 Services Gateway Hardware Guide

• In the “Connecting an SRX100 Services Gateway to the J-Web Interface” section, the following information is missing in the note:

  Note: Microsoft Internet Explorer version 6.0 is also supported as backward compatible from Microsoft Internet Explorer version 7.0.

SRX210 Services Gateway Hardware Guide

• In the “Connecting an SRX210 Services Gateway to the J-Web Interface” section, the following information is missing in the note:

  Note: Microsoft Internet Explorer version 6.0 is also supported as backward compatible from Microsoft Internet Explorer version 7.0.

• The “SRX210 Services Gateway Specifications” table lists the values for chassis height, chassis width, chassis depth, chassis weight, and noise level incorrectly. The correct values are as follows:
  • Chassis height—1.73 in. (44 mm)
  • Chassis width—11.02 in. (280 mm)
  • Chassis depth—7.13 in. (181 mm)
  • Chassis weight:
    • 3.46 lb (1.57 kg) for SRX210 Services Gateway without PoE (no interface modules)
    • 3.55 lb (1.61 kg) for SRX210 Services Gateway with PoE (no interface modules)
  • Noise level—29.1 dB per EN ISO 7779

SRX220 Services Gateway Hardware Guide

• The “SRX220 Services Gateway Specifications” table lists the values for chassis height, chassis width, chassis depth, chassis weight, and noise level incorrectly. The correct values are as follows:
  • Chassis height—1.73 in. (44 mm)
  • Chassis width—14.29 in. (363 mm)
  • Chassis depth—7.13 in. (181 mm)
  • Chassis weight:
    • 4.52 lb (2.05 kg) for SRX220 models without PoE (no interface modules)
    • 4.62 lb (2.10 kg) for SRX220 models with PoE (no interface modules)
  • Noise level—51.1 dB per EN ISO 7779

SRX240 Services Gateway Hardware Guide

• In the “Connecting the SRX240 Services Gateway to the J-Web Interface” section, the following information is missing in the note:

  Note: Microsoft Internet Explorer version 6.0 is also supported as backward compatible from Microsoft Internet Explorer version 7.0.

• The “Maintaining the SRX650 Services Gateway Power Supply” section incorrectly states that the status of the power supplies on the SRX650 Services Gateway can be checked by issuing the show chassis environment pem command. The show chassis environment pem command is not supported on the SRX650 Services Gateway.

SRX110 Services Gateway 3G USB Modem Quick Start

• The SRX110 Services Gateway 3G USB Modem Quick Start has been updated with the J-Web procedures, and it is available on the Juniper Networks website.

SRX210 Services Gateway 3G ExpressCard Quick Start

• Several tasks are listed in the wrong order. “Task 6: Connect the External Antenna” should appear before “Task 3: Check the 3G ExpressCard Status,” because the user needs to connect the antenna before checking the status of the 3G ExpressCard. The correct order of the tasks is as follows:
  1. Install the 3G ExpressCard
  2. Connect the External Antenna
  3. Check the 3G ExpressCard Status
  4. Configure the 3G ExpressCard
  5. Activate the 3G ExpressCard Options
• In “Task 6: Connect the External Antenna,” the following sentence is incorrect and redundant: “The antenna has a magnetic mount, so it must be placed far away from radio frequency noise sources including network components.”
• In the “Frequently Asked Questions” section, the answer to the following question contains an inaccurate and redundant statement:

  Q: Is an antenna required? How much does it cost?

  A: The required antenna is packaged with the ExpressCard in the SRX210 Services Gateway 3G ExpressCard kit at no additional charge. The antenna will have a magnetic mount with ceiling and wall mount kits within the package.

  In the answer, the sentence “The antenna will have a magnetic mount with ceiling and wall mount kits within the package” is incorrect and redundant.

SRX210 Services Gateway Quick Start Guide

• The section on installing software packages is missing the following information:

  On SRX210 devices, the /var hierarchy is hosted in a separate partition (instead of the root partition). If Junos OS installation fails as a result of insufficient space:

  1. Use the request system storage cleanup command to delete temporary files.
  2. Delete any user-created files both in the root partition and under the /var hierarchy.

Related Documentation

• New and Changed Features
• Changes in Behavior and Syntax
• Known Behavior
• Known Issues
• Resolved Issues
• Migration, Upgrade, and Downgrade Instructions