Changes in Behavior and Syntax
This section lists the changes in behavior of Junos OS features and changes in the syntax of Junos OS statements and commands from Junos OS Release 17.4R2.
IP Monitoring—Starting with Junos OS Release 17.4R2, on all SRX Series devices, if the reth interface is in bundled state, IP monitoring for redundant groups is not supported on the secondary node. This is because the secondary node sends its reply using the lowest port in the bundle, which has a different physical MAC address. The reply is not received on the same physical port from which the request was sent. If the reply comes on the other interface of the bundle, then the internal switch drops it.
Power Entry Module—Starting with Junos OS Release 17.4R2, when you use a DC PEM on SRX Series devices operating in chassis cluster mode, the output of the show chassis power command shows DC input: 48.0 V input (57000 mV). The value 48.0 V input is a fixed string and can be interpreted as a measured input voltage. The range of DC input voltage accepted by the DC PEM is 40 to 72 V. The (57500 mV) is a measured value, but it is not related to the input. It is the actual output value of the PEM, and the value is variable. The DC input: information from the show chassis power command output and the Voltage: information from the show chassis environment pem command output are removed for each PEM.
SRX5400, SRX5600, and SRX5800 devices operating in a chassis cluster might encounter an em0 or em1 interface link failure on either of the nodes, which results in a split-brain condition. That is, both devices are unable to detect each other. If the failure occurs on the secondary node, the secondary node is moved to the disabled state.
This solution does not cover the following cases:
em0 or em1 failure on primary node
HA process restart
Control link recovery
Custom Attack (SRX Series)—Starting with Junos OS Release 17.4R2, the maximum number of characters allowed for a custom attack object name is 60. You can validate the statement using the set security idp custom-attack CLI command.
Forwarding and Sampling
Support for Address Resolution Protocol (ARP) throttle and ARP detect [SRX5400, SRX5600, and SRX5800]—Starting in Junos OS Release 17.4R2, an ARP throttling mechanism is introduced for SRX Series devices.
Excessive ARP processing causes high utilization of Routing Engine CPU resources, which deprives other Routing Engine processes of CPU resources. To provide protection against excessive ARP processing, you can now use the following configuration statements:
edit forwarding-options next-hop arp-throttle seconds
edit forwarding-options next-hop arp-detect milliseconds
We recommend that only advanced Junos OS users attempt to configure the ARP throttle and ARP detect feature. An improper configuration could result in high CPU utilization of the Routing Engine, which could affect other processes on your device.
System log host support (SRX300, SRX320, SRX340, SRX345 Series devices)—Starting in Junos OS Release 17.4R2, when the device is configured in stream mode, you can configure a maximum of eight system log hosts.
In Junos OS Release 17.4R1 and earlier releases, you can configure only three system log hosts in stream mode. If you configure more than three system log hosts, the following error message is displayed: error: configuration check-out failed.
User Interface and Configuration
Junos OS prohibits configuring ephemeral configuration database instances that use the name default (SRX Series)—Starting in Junos OS Release 17.4R2, user-defined instances of the ephemeral configuration database, which are configured using the instance instance-name statement at the [edit system configuration-database ephemeral] hierarchy level, do not support configuring the name default.
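The following is an added example, not part of the Juniper release notes: a pre-upgrade audit that checks a set-format configuration against the custom attack name limit, the stream-mode system log host limit, and the ephemeral instance name restriction described above. It assumes input in the form produced by show configuration | display set, that stream-mode hosts are configured as set security log stream name host address, and that names contain no spaces; the sample configuration is constructed.

```python
# Added example: audit a set-format Junos config against three limits listed above.
MAX_ATTACK_NAME = 60   # custom attack object name limit (17.4R2)
MAX_STREAM_HOSTS = 8   # stream-mode log hosts (17.4R2); 17.4R1 and earlier: 3

# Constructed sample input; names and addresses are illustrative only.
SAMPLE_CONFIG = "\n".join([
    "set security log mode stream",
    "set security log stream s1 host 192.0.2.1",
    "set security log stream s2 host 192.0.2.2",
    "set security log stream s3 host 192.0.2.3",
    "set security log stream s4 host 192.0.2.4",
    "set security idp custom-attack " + "A" * 61 + " severity major",
    "set security idp custom-attack short-name severity minor",
    "set system configuration-database ephemeral instance default",
    "set system configuration-database ephemeral instance ops",
])


def audit(config_text, max_stream_hosts=MAX_STREAM_HOSTS):
    """Return a sorted list of (check, detail) findings."""
    findings, streams, stream_mode = set(), set(), False
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:4] == ["set", "security", "idp", "custom-attack"] and len(tok) > 4:
            if len(tok[4]) > MAX_ATTACK_NAME:
                findings.add(("custom-attack-name",
                              f"{len(tok[4])} chars: {tok[4][:16]}..."))
        elif tok[:5] == ["set", "security", "log", "mode", "stream"]:
            stream_mode = True
        elif tok[:4] == ["set", "security", "log", "stream"] and tok[5:6] == ["host"]:
            streams.add(tok[4])  # one host statement per named stream
        elif tok[:5] == ["set", "system", "configuration-database",
                         "ephemeral", "instance"]:
            if tok[5:6] == ["default"]:
                findings.add(("ephemeral-instance",
                              "instance name 'default' is not supported"))
    # Assumption: the host limit is only checked when stream mode is set explicitly.
    if stream_mode and len(streams) > max_stream_hosts:
        findings.add(("stream-log-hosts",
                      f"{len(streams)} hosts > limit {max_stream_hosts}"))
    return sorted(findings)


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_CONFIG):
        print(f"{check}: {detail}")
```

Pass max_stream_hosts=3 to audit a configuration that must also commit on Junos OS Release 17.4R1 or earlier.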