Hot Patch Releases
This section describes the installation procedure, features, and resolved issues in Junos Space Security Director Release 22.2R1 hot patch.
During hot patch installation, the script performs the following operations:
- Blocks the device communication.
- Stops JBoss, JBoss Domain Controller (JBoss-dc), and jmp-watchdog services.
- Backs up existing configuration files and EAR files.
- Updates the Red Hat Package Manager (RPM) files.
- Restarts the watchdog process, which restarts JBoss and JBoss-dc services.
- Unblocks device communication after restarting the watchdog process for device load balancing.
You must install the hot patch on Security Director Release 22.2R1 or on any previously installed hot patch. The hot patch installer backs up all the files that are modified or replaced during hot patch installation.
Installation Instructions
Perform the following steps in the CLI of the JBoss-VIP node only:
1. Download the Security Director 22.2R1 Patch vX from the download site.
   Here, X is the hot patch version. For example, v1, v2, and so on.
2. Copy the SD22.2R1-hotpatch-vX.tgz file to the /home/admin location of the VIP node.
3. Verify the checksum of the hot patch for data integrity:
       md5sum SD22.2R1-hotpatch-vX.tgz
4. Extract the SD22.2R1-hotpatch-vX.tgz file:
       tar -zxvf SD22.2R1-hotpatch-vX.tgz
5. Change the directory to SD22.2R1-hotpatch-vX:
       cd SD22.2R1-hotpatch-vX
6. Execute the patchme.sh script from the SD22.2R1-hotpatch-vX folder:
       sh patchme.sh
The script detects whether the deployment is a standalone deployment or a cluster deployment and installs the patch accordingly.
A marker file, /etc/.SD22.2R1-hotpatch-vX, is created with the list of Red Hat Package Manager (RPM) details in the hot patch.
We recommend that you install the latest available hot patch version, which is the cumulative patch.
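The checksum and extraction steps above can be gated by a pre-flight check. The shell functions below are an added example, not part of the vendor procedure or the hot patch itself: they compare the md5sum result with an expected digest (assumed to be copied from the download site) and list the archive members to confirm that everything unpacks under SD22.2R1-hotpatch-vX before tar -zxvf is run. The function names and the single-top-directory layout are assumptions.

```shell
# Added example (not vendor code). EXPECTED is a placeholder for the digest
# published with the download; all function names here are hypothetical.

# md5_matches FILE EXPECTED: succeed only if FILE's MD5 equals EXPECTED.
md5_matches() {
    local actual expected
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    actual=$(md5sum "$1" | awk '{print $1}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case digests
    [ "$actual" = "$expected" ] && return 0
    echo "MD5 mismatch for $1: computed $actual" >&2
    return 1
}

# entry_is_safe ENTRY TOPDIR: reject absolute paths, ".." components, and any
# member outside TOPDIR/ (assumption: the archive unpacks into one directory).
entry_is_safe() {
    case "$1" in
        /*|..|../*|*/../*|*/..) return 1 ;;
    esac
    case "$1" in
        "$2"|"$2"/*) return 0 ;;
    esac
    return 1
}

# archive_is_contained FILE TOPDIR: list members without extracting them and
# check each name with entry_is_safe.
archive_is_contained() {
    local members entry
    members=$(tar -tzf "$1") || return 2
    while IFS= read -r entry; do
        entry_is_safe "$entry" "$2" || { echo "unsafe member: $entry" >&2; return 1; }
    done <<EOF
$members
EOF
    return 0
}

# preflight FILE EXPECTED: both checks must pass before extraction.
# TOPDIR is derived from the file name, e.g. SD22.2R1-hotpatch-vX.
preflight() {
    local top
    top=$(basename "$1" .tgz)
    md5_matches "$1" "$2" && archive_is_contained "$1" "$top"
}
```

After sourcing the file, run `preflight SD22.2R1-hotpatch-vX.tgz <published digest>` in /home/admin and continue with the extraction step only if it returns 0.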
Resolved Issues in the Hot Patches
The following table lists the resolved issues in the Security Director Release 22.2R1 hot patch.
| PR | Description | Hot Patch Version |
|---|---|---|
| | Device update fails with statement not found error while trying to delete the only rule from the rule group. | V5 |
| | User is unable to publish a policy from Security Director. | V4 |
| | Unable to import firewall rule in Security Director if the rule has DAG with missing category. | V3 |
| | Configuration for the address object in the SSL proxy associated with the firewall rule is missing. | V3 |
| | After upgrading Security Director to 23.1R1 release, report generation fails with an error. | V3 |
| | Security Director displays the Tunnel Status as UNKNOWN when user tries to create a VPN through the GUI. | V3 |
| | When you try to preview the changes done to a policy before publishing, it fails with | V3 |
| | Security Director modifies the device setup by adding an additional set of VPN configurations. | V3 |
| | Security Director API displays internal server error during policy edit if the policy is locked. | V3 |
| | User is unable to import the group policies through zip file and snapshot roll back policy feature in Security Director. | V3 |
| | User is unable to sort the columns on the Logging Devices page in Security Director. | V3 |
| | The VPN Monitoring page does not load the data in Security Director Release 22.3R1. | V3 |
| | Save Comments does not work after upgrade to Security Director 22.3. | V3 |
| | Security Director is unable to import Firewall policy in SRX4200. | V3 |
| | Application visibility logs for the last eight hours and earlier are missing from the system. | V3 |
| | Security Director requires daily re-indexing for the search functionality to work properly. | V3 |
| | SRX Series devices do not show any data in the Intrusion Prevention System (IPS) report with log event | V3 |
| | Security Director shows invalid configuration in the update configuration preview. | V3 |
| | The search functionality in Security Director does not work properly when you search by port number. | V3 |
| | The VPN monitoring process hangs continuously, resulting in pile-ups. | V3 |
| | Security Director deletes the configurations for the policy-based VPNs that do not get imported to Security Director. | V3 |
| | The Auto Policy Sync in Security Director does not work. | V3 |
| | VPN publishing jobs fail. | V3 |
| | User is unable to change the local password from the Security Director GUI, My Profile > Change Password. | V3 |
| | When the user performs snapshot rollback policy, Security Director creates a duplicate default IPS policy. | V3 |
| | Geographical location report shows incorrect data in Security Director. | V2 |
| | The global search and column search functionalities do not work accurately in Security Director. | V2 |
| | Security Director displays | V2 |
| | The application visibility feature does not show the log data for last eight hours and earlier. | V2 |
| | The Maximum Transmission Unit (MTU) is not visible during the edit workflow, when provided as default. | V2 |
| | When you add a new address to the address group, the GUI removes all the existing objects from the group. | V2 |
| | In Security Director, Security Director Insights shows the log source as 127.0.0.1 for all logs rather than the SRX IP address or the actual source from which the logs originate. | V1 |
| | The user is unable to edit the Policy-based VPN name or description in Security Director. | V1 |
| | Security Director does not display the correct time zone when you change the time zone using modify configuration. | V1 |
| | The search functionality in Security Director does not work for newly configured rules. | V1 |
| | The Security Director log filter does not work as expected for a particular timeframe. | V1 |
| | Security Director fails to import the security policies with the object address 0.0.0.0/0. | V1 |
| | Security Director updates the database with incorrect cyclic service group. | V1 |
| | There are issues with VPN profiles authentication algorithm after you upgrade Security Director. | V1 |
| | The search and find usage functionality in Security Director does not work as expected. | V1 |
| | When the user configures a new IPsec VPN profile for route-based Hub and Spoke using the manual pre-shared key option, the output is set to multiple security IKE policies instead of only one security IKE policy. | V1 |
| | Security Director deletes the NAT and security intelligence settings from SRX Series Firewalls when the user uses DMI schema 22.1R1.10. | V1 |
| | Address object import from a CSV file fails. | V1 |
| | The search functionality in Security Director does not work for newly created address objects. | V1 |
| | When you view device changes, Security Director displays the Managed status as Device Changed for several devices. | V1 |
| | Security Director fails to import the policies using zip file. | V1 |
| | Security Director updates multiple policies even when you select only one policy for update. | V1 |
| | Intrusion Detection and Prevention (IDP) signature continues to install the updates on SRX Series devices from IDP files even when the file transfer fails. | V1 |
| | Updates to the Logical System (LSYS) fail at times in Security Director. | V1 |
| | User is unable to change the destination address for static NAT rules in Security Director. | V1 |
| | When you change the sequence of three or more sets of rules in Security Director, the changed order does not appear correctly after saving the changes. | V1 |
| | User is unable to search for an object in Security Director even when the objects exist in Shared Objects. | V1 |
| | Security Director fails to import the policy zip files with more than 20000 rules. | V1 |
| | SRX Series devices do not show any data in the Intrusion Prevention System (IPS) report with log event IDP_ATTACK_LOG_EVENT_LS. | V1 |
| | When you try to preview, publish, or update configuration in Security Director, it fails with an error. | V1 |
| | Security Director fails to publish the SRX Series cluster policy with | V1 |
If the hot patch contains a UI fix, then you must clear the Web browser’s cache to reflect the latest changes.