SDX 7.1.0 Release Notes > Release 7.1.0 > Known Problems and Limitations

Known Problems and Limitations

This section identifies known problems and limitations in this release.

C-Web Interface

• Modifications to parts of the configuration tree do not appear automatically.

In cases where editing one part of the configuration tree automatically creates modifications in other parts of the configuration tree, you must click Refresh to see the modifications in the other parts of the configuration tree.

Reference: TIC 13881

• Cannot modify action configuration options with Internet Explorer.

When you use the C-Web interface with Microsoft Internet Explorer, you cannot configure rate-limit actions that are specified by parameter, because the action option is not configurable with Internet Explorer.

Workaround: Use the C-Web interface with Firefox instead. You can also use the SRC CLI.

Reference: TIC 14365

• Links in the SRC-PE C-Web Interface Configuration Guide do not work.

The links in the SRC-PE C-Web Interface Configuration Guide on the SRC-PE Documentation CD and the Web page do not work.

Reference: None

eTrust Directory

• When you first configure an action with Policy Editor, make sure that you fill in a value for the Description field. If the Description field is not filled in when you first create the action, some of the attributes might not be saved to eTrust Directory. Subsequent configuration changes to this type of action do not require you to fill in the Description field.

Reference: TIC 12056

Juniper Networks Database

• Cannot change the Juniper Networks database mode from standalone to community.

To change from standalone to community mode, you must commit the change from standalone mode before you configure the Juniper Networks database in community mode.

Reference: TIC 13981

• Certificate is not distributed when Juniper Networks database is using strict security.

When the Juniper Networks database is configured to allow only LDAPS access, the certificate is not being distributed to the trusted CA certificate store of the external applications. To connect to Juniper Networks databases through LDAPS from an application outside the C-series Controller, you must import the Juniper Networks database CA certificate into the application's trusted CA certificate store.

To import the CA certificate, use the file copy command from the SRC CLI. The CA certificate is in the /opt/UMC/jdb/alias/<hostname>_DS.p12 file (in pkcs12 format) on the controller, where hostname is the hostname of the C-series Controller. All Juniper Networks databases use the same CA certificate, so you need to import the CA certificate only once to allow the external application to connect to any Juniper Networks database with LDAPS.

Reference: TIC 14283

SAE

• The NAS-Port attribute is not supported for JUNOSe routers.

The NAS-Port attribute is not supported for JUNOSe interfaces. As a result, the PA_NAS_PORT plug-in attribute and the interface.nasPort subscriber attribute cannot be used.

Workaround: Use the NAS-Port-ID attribute instead.

For information about the attributes, see the SRC-PE Subscribers and Subscriptions Guide.

Reference: TIC 12112

• Two identical interfaces are created for dual-stack interface on JUNOSe routers.

When a dual-stack interface is defined for JUNOSe interfaces, the SAE creates two identical interfaces.

Reference: TIC 13901

• Assertion error occurs with fast resynchronization and empty policy lists.

With fast resynchronization, some inconsistencies may arise during cleanup that allow for a proper recovery during full synchronization. This assertion error indicates that there were empty policy lists.

Reference: TIC 13950

SNMP

• MIB object juniSaeRouterCommonSvrAddr cannot be read for JUNOSe routers.

SNMP GET/GETNEXT requests for the MIB object juniSaeRouterCommonSvrAddr for JUNOSe routers return a No Such Name error.

Reference: TIC 12789

Subscriber Configuration

• When you configure a manager with the SRC CLI, you cannot add a manager without specifying an option.

Workaround: Specify an option when you enter the command to add a manager at the appropriate hierarchy level.

For example, to add a manager called abcmgr in the ABCInc enterprise:

[edit subscribers retailer default subscriber-folder local enterprise ABCInc]

user@host# set manager abcmgr role administrator 

Note the administrator management privileges that are specified as an option for the manager.

Reference: TIC13646

Substitutions

• When you configure a substitution that contains metacharacters with the SRC CLI, the XML output does not always display these characters properly.

Workaround: Specify an escape character before the metacharacter, such as a curly bracket.

For example, the following substitution:

[edit subscribers retailer ret1 subscriber-folder f1]

user@host# set substitution [trafficprofile='\"name=test\"' 
parammap=^\{applicationProtocol='\"ftp\"',sourcePort=123,inactivityTimeout
=60\}] 

should result in the following XML output:

[edit subscribers retailer ret1 subscriber-folder f1]

user@host# show |display xml 

<?xml version="1.0"?>

<configuration>

  <subscribers>

    <retailer>

      <name>ret1</name>

      <subscriber-folder sdx:current="true">

        <folder-name>f1</folder-name>

        <substitution>trafficprofile=&quot;name=test&quot;</substitution>

        <substitution>parammap=^{applicationProtocol=&quot;ftp&quot;,

sourcePort=123,inactivityTimeout=60}</substitution>

      </subscriber-folder>

    </retailer>

  </subscribers>

</configuration>

Reference: TIC13985