The errata list is a list of errors and their corrections that were found after the product was released.
The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.
| Version |
Location |
Description |
Submitted by |
Date submitted |
|
1
1st paragraph, 3rd sentence |
Chapter 1, paragraph 1, 3rd sentence reads:
"Despite what some competitive marketing campaigns have said, the is not dead, and it is every bit as necessary today as it was yesterday."
Possibly meant:
"Despite what some competitive marketing campaigns have said, the FIREWALL is not dead, and it is every bit as necessary today as it was yesterday."
|
Anonymous |
Jul 01, 2013 |
| Printed |
Page 1
1st paragraph, 3rd sentence, 9th word |
"Despite what some competitive marketing campaigns have said, the is not dead,..."
What is not dead? There seems to be a missing noun.
|
C.J. Adams-Collier |
May 30, 2014 |
|
1
Routing Instances section in Safari Books Online edition missing chapter |
The Routing Instnaces chapter indicates that Logical Systems is covered in its own chapter. There is no coverage of Ligical Systems in the book. This is a serious omission. The chapter doesn't exist.
|
Micah Cox |
Oct 20, 2014 |
|
2
4th paragraph |
Page 2, pargraph 4 starts of:
The aged gracefully over time, but it hit some important limits that prevented it from being the choice for the next-generation SRX Series products.
Missing subject. What has aged gracefully? The ScreenOS?
|
Anonymous |
Jul 01, 2013 |
| Printed |
Page 2
5th paragraph, 2nd word |
"The aged gracefully over time..."
What aged gracefully over time? There seems to be a noun missing.
|
C.J. Adams-Collier |
May 30, 2014 |
| PDF |
Page 7
1st Paragraph |
It utilizes a WAN ports to connect directly to the Internet service provider (ISP).
I believe it should read as:
It utilizes WAN ports to connect directly to the Internet service provider (ISP)
--or--
It utilizes a WAN port to connect directly to the Internet service provider (ISP)
|
Anthony Burke |
Apr 10, 2013 |
| PDF |
Page 167
2nd Paragraph |
Since the release of the SRX Juniper has been moving the
majority of its services into any other routing instances but do to the nature of how Junos
shares its code with other platforms (such as MX or EX) a few services remain in the
master VR.
It should read "due to the nature of", not do.
|
Anthony Burke |
Apr 10, 2013 |
| PDF |
Page 301
5th paragraph |
Regarding the content:
"Second, the option to do commit confirmed
is no longer allowed, which, as you know, allows for a rollback to the previous configuration
if things go wrong. Both are very nice features that are not available when in
clustering mode. The reason these are disabled is simple: stability."
Actually, this commit confirmed feature was requested as an enhancement from my company and it was attended - I believe it was done after version 11.4. We are currently using the feature in my company.
|
Rodrigo Mello |
Sep 29, 2013 |
| PDF |
Page 302
5th paragraph |
Regarding the content:
"Second, the option to do commit confirmed
is no longer allowed, which, as you know, allows for a rollback to the previous configuration
if things go wrong. Both are very nice features that are not available when in
clustering mode. The reason these are disabled is simple: stability."
Actually, this commit confirmed feature was requested as an enhancement from my company and it was attended - I believe it was done after version 11.4. We are currently using the feature in my company.
|
Rodrigo Mello |
Sep 29, 2013 |
| Printed |
Page 367
Diagram |
If if if I am right then the diagram is supposed to be showing 2 SRX100 boxes being connected to 2 networks in an HA pair.
The networks are Trust reth0 should be and is 10.0.1.0/24 and reth1 should be and is Untrust 10.0.2.0/24.
So the config looks right but the diagram is showing both sets of interfaces as reth0 and 2 networks both called Trust.
Or am i going mad.
Can you confirm that i have got this right.
Thanks
Simon
(great book though)
|
Simon Fitzgerald |
Sep 30, 2016 |
| Printed |
Page 383
5th paragraph |
in the configuration of address book, the address book name should be "trust" not "global"
wrong statement:
#set security address-book global ....
correct statement :
#set security address-book trust....
|
Red1 |
Nov 24, 2013 |
| Printed |
Page 413
last paragraph |
enabling ALG example is missing a keyword "enable" as below :
# set security alg sip enable
|
Red1 |
Nov 25, 2013 |
| Printed |
Page 509
Configuration output |
In the previous pages (pg. 506-508), both destination and source NAT configuration statements are entered. However, only the destination NAT configuration is shown on pg. 509 in the output of "show security nat".
|
Anonymous |
Dec 17, 2014 |
| PDF |
Page 519
First paragraph under Figure 11-2 |
Text reads:
"...whereas 25 would need to be maintained..."
Should read:
"...whereas 45 would need to be maintained..."
This is because the formula N(N-1)/2 in the example given would yield 10(10-1)/2 = 45
|
Adam White |
May 14, 2013 |
| Printed |
Page 550
4th paragraph, Advanced Encryption Standard (AES) |
"AES comes in different key bit lengths, most commonly 128, 256 and 384..."
384 bits is not a valid AES key length, this should read
"AES comes in different key bit lengths, most commonly 128, 192 and 256..."
|
Gavin Thirlwall |
May 07, 2014 |
| PDF |
Page 610
Item 10 |
Mistakenly used the term "Hardware" when "Software" should have been used.
The sentence reads in part "the hardware encryption engines can't support them so they are done in hardware."
The second reference for hardware should be replaced with software.
|
Kelly McDowell |
Jun 17, 2013 |
| Printed |
Page 652
1st paragraph |
Book says that IP option screens block packets. This for the most part it is not true. There are only two IP option screens that block traffic
- ip bad-option
- ip source-route-option
the rest
- ip loose-source-route-option
- ip strict-source-route-option
- ip record-route-option
- ip security-option
- ip stream-option
- ip timestamp-option
are only counting them.
Please Juniper's KB16119 for detailed description of IP options screens behaviour.
|
Wojciech Dudys |
Oct 27, 2016 |
| PDF |
Page 657
ICMP Flood Screen |
Used the word "asic", should say "cpu".
Sentence reads: "Junos only needs to process IP packets addressed to the firewall itself in the ASIC (and only if the FW is listening for ICMP on that port and doesn't have and access list configured to block it)."
ICMP packets addressed to the firewall are processed on the CPU.
|
Kelly McDowell |
Jun 17, 2013 |
| ePub |
Page 11138
location 11138 in Kindle Version -"Remote Access VPNs" |
"IPsec VPN allows a remote user to connect to a true site"
Woodberg, Brad; Cameron, Rob (2013-06-07). Juniper SRX Series (Kindle Location 11141). O'Reilly Media. Kindle Edition.
Should "true site" be "trusted site"?
|
Mike Lane |
Feb 05, 2014 |