This section describes new features and enhancements to existing features for cSRX, starting in Junos OS Release 20.1R1.
Monitoring and Troubleshooting
System logs and real-time logs support (cSRX)—Starting in Junos OS Release 20.1R1, cSRX supports system log messages (syslog messages) and real-time logs (rtlogs) to monitor traffic.
The cSRX Container Firewall inherits many of the branch SRX Series Junos OS features. This topic outlines the SRX Series features supported by cSRX along with the features that are not applicable in a containerized environment.
SRX Series Features Supported on cSRX
Table 1 provides a high-level summary of the feature categories supported on cSRX and any feature considerations.
To determine the Junos OS features supported on cSRX, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. See Feature Explorer.
Table 1: SRX Series Features Supported on cSRX
Application Firewall (AppFW)
Application Identification (AppID)
Application Tracking (AppTrack)
Basic firewall policy
Brute force attack mitigation
CLI only. No J-Web support.
Two revenue network interfaces (eth1 and eth2).
Intrusion Detection and Prevention (IDP)
For SRX Series IPS configuration details, see:
IPv4 and IPv6
Malformed packet protection
Network Address Translation (NAT)
For SRX Series NAT configuration details, see:
Basic Layer 3 forwarding with VLANs.
Layer 2 through 3 forwarding functions: secure-wire forwarding or static routing forwarding.
SYN cookie protection
For SRX Series user firewall configuration details, see:
Unified Threat Management (UTM)
For SRX Series UTM configuration details, see:
For SRX Series UTM antispam configuration details, see:
Zones and zone-based IP spoofing
SRX Series Features Not Supported on cSRX
Table 2 lists SRX Series features that are not applicable in a containerized environment, that are not currently supported, or that have qualified support on cSRX.
Table 2: SRX Series Features Not Supported on cSRX
SRX Series Feature
|Application Layer Gateways|
|Authentication with IC Series Devices|
Layer 2 enforcement in UAC deployments
Note: UAC-IDP and UAC-UTM also are not supported.
|Class of Service|
High-priority queue on SPC
|Data Plane Security Log Messages (Stream Mode)|
Flow monitoring cflowd version 9
Ping Ethernet (CFM)
Traceroute Ethernet (CFM)
|Ethernet Link Aggregation|
LACP in standalone or chassis cluster mode
Layer 3 LAG on routed ports
Static LAG in standalone or chassis cluster mode
|Ethernet Link Fault Management|
Physical interface (encapsulations)
|Flow-Based and Packet-Based Processing|
End-to-end packet debugging
Network processor bundling
Aggregated Ethernet interface
IEEE 802.1X dynamic VLAN assignment
IEEE 802.1X MAC bypass
IEEE 802.1X port-based authentication control with multisupplicant support
Interleaving using MLFR
PPPoE-based radio-to-router protocol
Promiscuous mode on interfaces
|IP Security and VPNs|
Acadia - Clientless VPN
Hardware IPsec (bulk crypto) Cavium/RMI
IPsec tunnel termination in routing instances
Multicast for AutoVPN
Suite B implementation for IPsec VPN
DS-Lite concentrator (also known as AFTR)
DS-Lite initiator (also known as B4)
|Log File Formats for System (Control Plane) Logs|
Binary format (binary)
Remote instance access
Juniper Sky ATP
Spotlight Secure integration
CCC and TCC
Layer 2 VPNs for Ethernet connections
|Network Address Translation|
Maximize persistent NAT bindings
Note: Only supported on physical interfaces and tunnel interfaces, such as gr, ip, and st0. Packet capture is not supported on a redundant Ethernet interface (reth).
BGP extensions for IPv6
BGP route reflector
Bidirectional Forwarding Detection (BFD) for BGP
Layer 3 Q-in-Q VLAN tagging
|Unified Threat Management|
|Upgrading and Rebooting|
Boot instance configuration
Boot instance recovery
Junos Space Virtual Director