Changes In Default Behavior and Syntax

CLI

• If more than 10 users logged into the router then not all the users are displayed in CLI.
• CLI Commands No Longer Supported

  The show dhcp relay and show dhcp server commands are no longer supported.

Flow and Processing

• On SRX650 devices, although the physical installed DRAM is 2 GB, and uboot detected is 2 GB, JUNOS software detects only 1GB.
• On SRX-series devices, the factory default for the maximum number of backup configurations allowed is 5. Therefore, you can have one active configuration and a maximum of five rollback configurations. Increasing this backup configuration number will result in increased memory usage on disk and increased commit time.

  To modify the factory defaults, use the following commands

  
  

  root@vidar7# set system max-configurations-on-flash number
  
  

  root@vidar7# set system max-configuration-rollbacks number

  Where max-configurations-on-flash indicates backup configurations to be stored in the configuration partition and max-configuration-rollbacks indicates the maximum number of backup configurations.

Interfaces and Routing

• On SRX-series devices, we need to minimize the number of writes to the flash device to ensure that we do not hit flash issues. Disable writing the logs to the flash by default. Options can be to write to memory or to a secondary device like USB or over the network.

Intrusion Detection and Prevention (IDP)

• Moving to compressed DFA—With compressed DFA, the application signature will have a different file name /var/db/idpd/bins/compressed_ai.bin, instead of the current /var/db/idpd/bins/compiled_ai.bin.

• Specifying service fields for custom attack definition in IDP—On SRX-series devices, while running commands in IDP, ensure that you provide the service field values in lowercase.

  Example:

  set security idp custom-attack temp severity info attack-type signature context packet direction any pattern .* protocol udp destination-port match equal value 1333

  Here the protocol service field value udp is specified in lowercase.

• The IDP ip-action statement is now supported on TCP, UDP, and ICMP flows. When the ip-action target is service, the ip-action flow is applied if the traffic matches the values specified for source port, destination port, source address and destination address. However, for ICMP flows, the destination port is 0, so that any ICMP flow matching source port, source address, and destination address would be blocked. For more information, see the JUNOS Software CLI Reference Guide.

J-Web

• For SRX 210, SRX 240, and SRX650 devices, the LED status for (Alarm, HA, 3g, Power Status and Power) shown in the front panel of chassis viewer will not replicate the exact status as we see in the device.