Learn about what changed in Junos OS main releases for cSRX.
This section lists the changes in behavior of Junos OS features and changes from Junos OS Release 20.2R1 for the cSRX.
Application System Cache for Application Services (SRX Series and cSRX Instances)
Starting with Junos OS 18.2R1, the default behavior of the ASC has changed as follows:
Security services such as security policies, application firewall (AppFW), Juniper Sky ATP, IDP, and UTM do not use the ASC by default.
Miscellaneous services such as APBR and AppTrack use the ASC for application identification by default.
The change in the default behavior of the ASC affects the legacy Application Firewall (AppFW) functionality. With the ASC disabled by default for the security services starting in Junos OS Release 18.2, the AppFW will not use the entries present in the ASC.
You can revert to the ASC behavior as in Junos OS releases prior to 18.2 by using the set services application-identification application-system-cache security-services command.
The SRX Series device might become susceptible to application evasion techniques if the ASC is enabled for security services. We recommend that you enable the ASC only when the performance of the device in its default configuration (disabled for security services) is not sufficient for your specific use case.
Use the following commands to enable or disable the ASC:
Enable the ASC for security services:user@host# set services application-identification application-system-cache security-services
Disable the ASC for miscellaneous services:user@host# set services application-identification application-system-cache no-miscellaneous-services
Disable the enabled ASC for security services:user@host# delete services application-identification application-system-cache security-services
Enable the disabled ASC for miscellaneous services:user@host# delete services application-identification application-system-cache no-miscellaneous-services
You can use the show services application-identification application-system-cache command to verify the status of the ASC.
The following sample output provides the status of the ASC:
user@host>show services application-identification application-system-cache
Application System Cache Configurations: application-cache: on Cache lookup for security-services: off Cache lookup for miscellaneous-services: on cache-entry-timeout: 3600 seconds
For Junos OS releases prior to 18.2R1, application caching is turned on by default. You can manually turn this caching off using the CLI.