Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

New and Changed Features

 

This section describes new features and enhancements to existing features in Junos OS Release 17.3R1 for vSRX.

New Features for Junos OS Release 17.3R1 for vSRX

Junos OS Release 17.3R1 for vSRX is at feature parity with Junos OS Release 15.1X49-D90 for vSRX.

This section describes new features in Junos OS Release 17.3R1 for vSRX.

vSRX on Microsoft Azure Cloud

Microsoft Azure Cloud support—Starting in Junos OS Release 17.3R1 for vSRX, you can add a vSRX virtual security appliance to a Microsoft Azure virtual network to provide networking security features. The vSRX protects the workloads that run within the virtual network on the Microsoft Azure Cloud.

[See vSRX Guide for Microsoft Azure Cloud]

Note

For the initial release of vSRX on Microsft Azure, only the BYOL model is supported.

vSRX on Microsoft Hyper-V

Microsoft Hyper-V support—Starting in Junos OS Release 17.3R1 for vSRX, you can add a vSRX virtual security appliance to a Microsoft Hyper-V Server 2012 R2 or Hyper-V Server 2012 to provide networking security features for the virtualized server computing environment. The vSRX VM runs on Microsoft Hyper-V as a child partition.

[See vSRX Guide for Microsoft Hyper-V]

Note

Please note that vSRX chassis clustering is not supported on Microsoft Hyper-V Server 2012 R2 or Hyper-V Server 2012.

vSRX on KVM Scale-Up Performance Enhancements

vSRX on KVM: support for 8 vCPUs and 16 GB vRAM and PCI passthrough support —Starting in Junos OS Release 17.3R1 for vSRX, the vSRX virtual appliance supports the following functionality 1 control plane vCPU, 8 data plane vCPUs, 16 GB vRAM, and Peripheral Component Interconnect (PCI) passthrough support (Intel XL710 NICs). In addition, vSRX now provides support for Intel X710/XL710 physical NICs for SR-IOV.

[See vSRX Guide for KVM.]

IDP

IPS signature package update (SRX Series and vSRX instances)—Starting in Junos OS Release 17.3R1, when you upgrade from Junos OS Release 12.3X48 or 15.1X49 to Junos OS Release 17.3 or downgrade from Junos OS Release 17.3 to Junos OS Release 12.3X48 or 15.1X49, you must update the IPS signature package to avoid any IDP configuration commit failures. Update the IPS signature package by:

  • Downloading the IPS signature package

  • Installing the IPS signature package update when the download completes

Note

When you upgrade from Junos OS Release 15.1X49 to Junos OS Release 17.3, the following warning message is displayed:

WARNING: A full install of the security package is required after reboot.

WARNING: Please perform a full update of the security package using

WARNING: "request security idp security-package download full-update"

WARNING: followed by

WARNING: "request security idp security-package install"

[See Managing the IPS Signature Database (CLI).]

Junos OS XML API and Scripting

Support for Python language for commit, event, op, and SNMP scripts (SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX instances)—Starting in Junos OS Release 17.3R1, you can author commit, event, op, and SNMP scripts in Python on devices that include the Python extensions package in the software image. Creating automation scripts in Python enables you to take advantage of Python features and libraries as well as leverage Junos PyEZ APIs supported in Junos PyEZ Release 1.3.1 and earlier releases to perform operational and configuration tasks on devices running Junos OS. To enable execution of Python automation scripts, which must be owned by either root or a user in the Junos OS super-user login class, configure the language python statement at the [edit system scripts] hierarchy level, and configure the filename for the Python script under the hierarchy level appropriate to that script type. Supported Python versions include Python 2.7.

[See Understanding Python Automation Scripts for Devices Running Junos OS.]

Management

Support for adding non-native YANG modules to the Junos OS schema (SRX345, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX instances)—Starting in Junos OS Release 17.3R1, you can load custom YANG models on devices running Junos OS to add data models that are not natively supported by Junos OS but can be supported by translation. Doing this enables you to extend the configuration hierarchies and operational commands with data models that are customized for your operations. The ability to add data models to a device is also beneficial when you want to create device-agnostic and vendor-neutral data models that enable the same configuration or RPC to be used on different devices from one or more vendors. You can load custom YANG modules by using the request system yang add operational command.

[See Understanding the Management of Non-Native YANG Modules on Devices Running Junos OS.]

User Interface and Configuration

Support for configuring the ephemeral database using the NETCONF and Junos XML protocols (SRX300, SRX320, SRX340, SRX345, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX instances)—Starting in Junos OS Release 17.3R1, NETCONF and Junos XML protocol client applications can configure the ephemeral configuration database, which is an alternate configuration database that enables multiple clients to simultaneously load and commit configuration changes on a device running Junos OS and with significantly greater throughput than when committing data to the candidate configuration database. Junos OS provides a default instance and up to eight user-defined instances of the ephemeral configuration database. The device’s active configuration is a merged view of the committed configuration database and the configuration data in all instances of the ephemeral configuration database. Ephemeral configuration data is volatile and is deleted upon rebooting the device.

[See Understanding the Ephemeral Configuration Database.]

vSRX Architecture Illustration

vSRX Architecture

Figure 1 is a high-level illustration of the vSRX architecture as of Junos OS Release 17.3R1.

Figure 1: vSRX Architecture



vSRX Architecture

Supported Features

For details about Junos OS features supported on vSRX, see Feature Explorer: vSRX.

Supported Features References

Table 1 lists documentation references to Junos OS features that are supported on vSRX. See Known Behavior and SRX Series Features Not Supported on vSRX for specific support limitations.

Note

Some vSRX features require a license. See vSRX License Model Numbers for more details.

Table 1: Documentation References for Junos OS Features Supported on vSRX

Feature

Feature Documentation

vSRX Platform

Application Firewall (AppFW)

Application Firewall Overview

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Application Identification (AppID)

Understanding Application Identification Techniques

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Application Layer Gateways (ALGs)

ALG Overview

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Application Quality of Service (AppQoS)

Understanding Application QoS (AppQoS)

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Attack Detection and Prevention (ADP)

Attack Detection and Prevention Overview

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Chassis cluster support for Virtio driver

Chassis Cluster Overview

KVM

Chassis cluster support for VMXNET3 driver

Chassis Cluster Overview

VMware

Class of service (CoS)

Understanding Class of Service

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Dynamic Host Configuration Protocol (DHCP)

Understanding Interfaces

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Flow and packet processing

Juniper Networks Devices Processing Overview

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Intrusion Detection and Prevention (IDP)

Understanding Intrusion Detection and Prevention

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

IPsec VPN

IPsec VPN Overview

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Multiprotocol Label Switching (MPLS)

MPLS Overview

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Multicast

Multicast Overview

VMware, KVM, and Contrail

Network Address Translation (NAT)

Introduction to NAT

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Routing protocols

Junos OS Routing Protocols Library

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Security building bocks

Understanding Security Basics

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Transparent mode

Ethernet Switching and Layer 2 Transparent Mode Overview

VMware, KVM, and Contrail

Unified Threat Management (UTM)

Unified Threat Management Overview

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

User authentication

Understanding User Authentication for Security Devices

VMware, KVM, Contrail, AWS, Azure, and Hyper-V

Unsupported Features

While vSRX supports many of the Junos OS features supported on other SRX Series devices, not all features are supported. For information about Junos OS features that are not supported on vSRX, see SRX Series Features Not Supported on vSRX.

Changes in Behavior and Syntax

For the most complete and latest information about changes in command behavior and syntax applicable to all SRX Series platforms in Junos OS Release 17.3R1, see Changes in Behavior and Syntax for SRX  .