Idefix last edited by
Does anyone know when ScreenOS 5.4.0r3 will be released?
rodcox825 last edited by
Anyone have any serious issues with upgrading NS-50 (cluster/stand-alone), NS-204, and NS-208 (cluster/stand-alone) to 5.4.0r3a? We need policy based routing but have gotten a “feel” from some Juniper TACs that they are recommending the 5.3 train.
martijndehaas last edited by
mwdmeyer last edited by
5.4.0r3a is now out.
Cyberman last edited by
Where can I download the actual ScreenOS? I’m still running 5.1.0r1 I think. Can someone give me a link or ftp?
sighup9 last edited by
It is available now…
I installed it on a 5GT-201 at home and all is well. MRTG stats work properly (they did not in 5.4.0r2). I was running 5.4.0r1 since it came out.
I’m planning on upgrading a semi-production NS-204 at a hosting facility in the coming weeks.
afunk last edited by
JTAC Technical Bulletin SRN-2007-02-009
Title: ScreenOS 5.4.0r3 has been removed from the download website
SRN Description: Reports of problems logging into the device via the WebUI, using HTTPS has made it necessary to pull the 5.4.0r3 release from the download website. HTTPS connections to the firewall device for administrative purposes may fail.
Solution: There will be a repaired version of ScreenOS posted the week of 2/12/07. The new version will be named 5.4.0r3a
Solution Implementation: Workaround for customer needing 5.4.0r3
Log in via HTTP
Log out of the HTTP session
Using the same Login credentials, log in via HTTPS. After proper Authentication, you will be logged into the WebUI via HTTPS.
sebastan_bach last edited by
Probably they will fix the HTTPS bug and end up with a new bug while trying to solve the older one. They took so much time to release the new 5.4.0r3 and ended up with so many bugs and hardly any new features, man.
Cisco is really trying to improve the code for ASA in the 8.0 code.
Their 7.2.2 code didn’t have any new features but was purely a bug-fixing release.
I guess Juniper should try its best not to piss off their loyal customers, because there are many more options in the market which are equally good, and less expensive too.
Cisco tries to get such irritated customers of Juniper, because Juniper is far behind in giving quality support as compared to Cisco.
Juniper is not at all a customer-oriented company.
Wow, that’s a big step to pull it. Still, seeing as it’s something almost everyone uses I’m not that shocked.
Thanks for the update. Maybe r3a will be the version I have been waiting for…
Or maybe they’ll break ICMP.
Well, it’s official, Juniper pulled the 5.4r3 code off their site because of the https issue. They are releasing a fix next week: 5.4r3a, hopefully after they QA it for a while.
Yes, I’m using self-signed certs on the boxes. It’s definitely a bug, Juniper knows it, but I don’t have any word on a patch or when 5.4r4 is due out. What pisses me off is this release was needed to fix the DST 2007 problem for the 5.4 train, but they can’t get something as simple as https admin working. I’m about done with Juniper firewalls, although I’m still clinging on for hope. I like the Peribits and I like the SSL boxes, but Juniper’s QA and roadmap for security and security management (NSM) leaves a lot to be desired.
@oldo: Yea I tried playing with both the NS generated cert and 2 other certs I’d created. None of them worked correctly.
To be fair though I got pissed off with the whole thing fairly quickly and just went back to 5.3, so I didn’t test it heavily.
oldo last edited by
Could it be you guys are using the self-signed certificate in the box? The two boxes I upgraded both work fine, but both of them have bogus openssl signed certificates. As mentioned before, no problems with HTTPS, I have not disabled TLS1 in IE. Any thoughts on this?
jensskov last edited by
I had this up with Tier2 and they found out that it’s an error. A workaround is to disable TLS1 in IE advanced settings.
Well, there is a workaround I discovered, it’s silly, but here goes:
Admin the Netscreen by console, ssh or http, then:
1. Enable http->https redirect.
2. Ensure web manage is enabled on your management interfaces along with ssl.
3. Connect to the Netscreen using http; you will get redirected to https and then log on normally.
4. Try connecting again, this time with just https:// (voilà! ... it works).
If you reset the Netscreen you have to repeat steps 3 and 4 again.
Engineering is going to look pretty stupid with this one… expect a fix very soon.
There’s no solution I can find, nope.
I agree with what junipoint said, I just can’t understand how you can cock something so simple up.
I am still back down at 5.3 because for me it’s “bug free”
jensskov last edited by
I just upgraded my SSG5 from r2 to r3 and I have the problem you are describing.
Has anyone found a solution?
melibokus last edited by
Has anyone viewed the self-signed cert that is being generated to look at the timestamp? I wonder if the cert is being created with a timestamp one hour in the future…
I tried to load 5.4.0r3 onto an SSG5 and it failed the first time. Possibly because I’m upgrading from an engineering release… not quite sure.
I just upgraded an SSG520 and a 5GT and can’t log in to the web interface using https; http works fine (IE6 and Firefox 2.0). I opened a case on it. Bugs like these are starting to make me wonder where ScreenOS is headed… if they can’t QA something as simple as the WebUI on a new release… what else should we expect?
I tried with https and I have no problems. This is using the self-signed certs, and with Firefox 2. Also tried with IE6, and it works fine.