Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] NSM Warning: 'VLAN Tag Option not available on stand alone IDP4.0 and ISG devices. Will be trimmed before an Update Device.'

0

0

Article ID: KB14861 KB Last Updated: 10 Oct 2020Version: 4.0
Summary:

Configuring IDP policy, the following warning messages may appear in the IDP Policy depending on the NSM version:

"VLAN Tag Option not available on stand alone IDP4.0 and ISG devices. Will be trimmed before an Update Device."

OR

"VLAN Tag Option not available on J/SRX Series, stand alone IDP4.0 and ISG devices. Will be trimmed before an Update Device."

Symptoms:
The following platforms do not support VLAN Tag on the IDP rules:
  • IDP4.0
  • ISG
  • J Series
  • SRX Series
This means the IDP rule will match regardless of the VLAN Tag present in the packet, and this is by design.

If the VLAN Tag option is configured in the rule, the option will not be taken into consideration during the IDP policy compilation phase.

Note that in this case the rule will be compiled and applied without error.
Solution:
This is by design, but it is still possible to choose which traffic sends to IDP inspection based on VLAN Tag configuring the appropriate FW policy for J/SRX and ISG platforms.

 
Modification History:
2020-10-09: Archived article.
2020-09-21: Article reviewed for accuracy; no changes required.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search