Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Behavior


This section lists the known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 20.1R1 for vSRX.

User Access and Authentication

  • On vSRX 3.0 running on Azure, there might be one more IP address configured on fxp0 intermittently besides the IP assigned by DHCP, which would cause CLI upgrade failure when HSM is enabled. PR1461678

  • For vSRX3.0 on Azure, when HSM is enabled, do not use underscore "_” in the certificate id field while creating keypairs. This is a limitation from Azure KeyVault. PR1475254

  • vSRX on Azure Cloud currently does not support deployment using SSH Public Key as the authentication type for the administrator account. Only Password authentication is supported during the initial deployment. Refer to the TSB at: TSB17731.

    You can configure SSH Public Key authentication on the vSRX once the vSRX is deployed. For instructions, please refer to the KB article at KB35522.

  • The Azure Backup function is currently not supported on vSRX. Refer to the TSB at: TSB17731.

Flow-Based and Packet-Based Processing

  • On vSRX, when using IPsec VPN tunnels, we recommend that you use GCM encryption algorithms, such as aes-128-gcm. These algorithms have better performance on vSRX than CBC encryption algorithms, such as aes-128-cbc. PR1444022


  • When a dynamic application is created for an edited policy rule, the list of services will be blank when the Services tab is clicked and then the policy grid will be autorefreshed. As a workaround, create a dynamic application as the last action while modifying the policy rule and click the Save button to avoid loss of configuration changes made to the policy rule. PR1460214

vSRX Limitations in Junos Space Security Director Integration with vSRX

The following vSRX features are not supported in Junos Space Security Director:

  • Application QoS (AppQoS)

  • Layer 2 transparent mode

Specific Security Director limitations with respect to Application Firewall (AppFW), IDP, and UTM features:

  • UTM database updates are not supported.

  • Application ID (AppID) custom signatures are not supported.

In Junos Space Security Director, for IPsec and routing features, certificates for AutoVPN must be generated from the CLI. All other IPsec settings can be configured using Junos Space Security Director.