Changes in Behavior and Syntax

This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 15.1X49-D10.

User Interface and Configuration

  • Prior to Junos OS Release 15.1X49-D10, if you configured user-defined identifiers through the CLI using the reserved prefix "junos-", the commit would incorrectly succeed. Starting with Junos OS Release 15.1X49-D10, you cannot use "junos-" anywhere in the configuration except inside the "junos-defaults" group configurations. The CLI now exhibits the correct behavior by returning a commit error when "junos-" is used.

Layer 2 Features

  • Layer 2 next-generation CLI—Starting with Junos OS Release 15.1X49-D10, only Layer 2 next-generation CLI configurations are supported on SRX5400, SRX5600, and SRX5800 devices. Legacy Layer 2 transparent mode configuration statements and operational commands are not supported. If you enter legacy configurations in the CLI, the system displays an error and fails to commit the configurations.

    For example, the following configurations are no longer supported:

    • set bridge-domain
    • set interfaces ge-1/0/0 unit 0 family bridge
    • set vlans vlan-1 routing-interface

    Use the SRX L2 Conversion Tool to convert legacy Layer 2 CLI configurations to Layer 2 next-generation CLI configurations.

    The SRX L2 Conversion Tool is available at http://www.juniper.net/support/downloads/?p=srx5400#sw .

    For more information, refer to the Knowledge Base article at http://kb.juniper.net/InfoCenter/index?page=content&id=KB30445 .

    [See Layer 2 Bridging and Transparent Mode for Security Devices.]

Network Time Protocol

  • Starting in Junos OS Release 15.1X49-D10, on all SRX Series devices, when the NTP client or server is enabled in the [edit system ntp] hierarchy, the REQ_MON_GETLIST and REQ_MON_GETLIST_1 control messages supported by the monlist feature within the NTP client or server might allow remote attackers to cause a denial of service. To identify the attack, apply a firewall filter and configure the router's loopback address to allow only trusted addresses and networks.
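
    One way to express the loopback filter described above, as an added example that is not taken from the Juniper release notes. The filter name protect-re, the prefix list trusted-ntp, the counter name, and the 192.0.2.0/24 documentation prefix are all assumptions; substitute your own NTP peers and management networks.

```junos
# Constructed example: names and prefixes are placeholders, not values from the release notes.

# Trusted NTP servers, peers, and management networks.
set policy-options prefix-list trusted-ntp 192.0.2.0/24

# Term 1: accept NTP (UDP port 123) only from the trusted prefix list.
set firewall family inet filter protect-re term ntp-trusted from source-prefix-list trusted-ntp
set firewall family inet filter protect-re term ntp-trusted from protocol udp
set firewall family inet filter protect-re term ntp-trusted from port ntp
set firewall family inet filter protect-re term ntp-trusted then accept

# Term 2: count and discard NTP from every other source. A rising counter
# shows untrusted hosts sending NTP traffic, including monlist requests,
# to the device.
set firewall family inet filter protect-re term ntp-untrusted from protocol udp
set firewall family inet filter protect-re term ntp-untrusted from port ntp
set firewall family inet filter protect-re term ntp-untrusted then count ntp-untrusted-drops
set firewall family inet filter protect-re term ntp-untrusted then discard

# Term 3: firewall filters end with an implicit discard, so traffic other
# than NTP must be accepted explicitly. This example is scoped to NTP only;
# a production filter would list the permitted services instead.
set firewall family inet filter protect-re term everything-else then accept

# Apply the filter to traffic destined for the device itself.
set interfaces lo0 unit 0 family inet filter input protect-re
```

    After the commit, `show firewall filter protect-re` displays the ntp-untrusted-drops counter.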

System Management

  • During a load override, to increase the memory available to the commit script, you must load the configuration by applying the following commands before the commit step:
    set system scripts commit max-datasize 800000000
    set system scripts op max-datasize 800000000
  • On all SRX Series devices in transparent mode, packet flooding is enabled by default. If you have manually disabled packet flooding with the set security flow bridge no-packet-flooding command, then multicast packets such as OSPFv3 hello packets are dropped.

Modified: 2016-12-21