What's Changed

Learn about what changed in Junos OS main releases for cSRX.

This section lists the changes in behavior of Junos OS features and changes from Junos OS Release 20.1R1 for the cSRX.

Application System Cache for Application Services (SRX Series and cSRX Instances)

Starting with Junos OS 18.2R1, the default behavior of the ASC has changed as follows:

Security services such as security policies, application firewall (AppFW), Juniper Sky ATP, IDP, and UTM do not use the ASC by default.
Miscellaneous services such as APBR and AppTrack use the ASC for application identification by default.

Note

The change in the default behavior of the ASC affects the legacy Application Firewall (AppFW) functionality. With the ASC disabled by default for the security services starting in Junos OS Release 18.2, the AppFW will not use the entries present in the ASC.

You can revert to the ASC behavior as in Junos OS releases prior to 18.2 by using the set services application-identification application-system-cache security-services command.

Caution

The SRX Series device might become susceptible to application evasion techniques if the ASC is enabled for security services. We recommend that you enable the ASC only when the performance of the device in its default configuration (disabled for security services) is not sufficient for your specific use case.

Use the following commands to enable or disable the ASC:

Enable the ASC for security services:
Disable the ASC for miscellaneous services:
Disable the enabled ASC for security services:
Enable the disabled ASC for miscellaneous services:

You can use the show services application-identification application-system-cache command to verify the status of the ASC.

The following sample output provides the status of the ASC:

user@host>show services application-identification
application-system-cache

For Junos OS releases prior to 18.2R1, application caching is turned on by default. You can manually turn this caching off using the CLI.