This section lists the known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 20.1R1 for vSRX.
User Access and Authentication
On vSRX 3.0 running on Azure, there might be one more IP address 22.214.171.124 configured on fxp0 intermittently besides the IP assigned by DHCP, which would cause CLI upgrade failure when HSM is enabled. PR1461678
For vSRX3.0 on Azure, when HSM is enabled, do not use underscore "_” in the certificate id field while creating keypairs. This is a limitation from Azure KeyVault. PR1475254
vSRX on Azure Cloud currently does not support deployment using SSH Public Key as the authentication type for the administrator account. Only Password authentication is supported during the initial deployment. Refer to the TSB at: TSB17731.
You can configure SSH Public Key authentication on the vSRX once the vSRX is deployed. For instructions, please refer to the KB article at KB35522.
The Azure Backup function is currently not supported on vSRX. Refer to the TSB at: TSB17731.
Flow-Based and Packet-Based Processing
On vSRX, when using IPsec VPN tunnels, we recommend that you use GCM encryption algorithms, such as aes-128-gcm. These algorithms have better performance on vSRX than CBC encryption algorithms, such as aes-128-cbc. PR1444022
When a dynamic application is created for an edited policy rule, the list of services will be blank when the Services tab is clicked and then the policy grid will be autorefreshed. As a workaround, create a dynamic application as the last action while modifying the policy rule and click the Save button to avoid loss of configuration changes made to the policy rule. PR1460214
vSRX Limitations in Junos Space Security Director Integration with vSRX
The following vSRX features are not supported in Junos Space Security Director:
Application QoS (AppQoS)
Layer 2 transparent mode
Specific Security Director limitations with respect to Application Firewall (AppFW), IDP, and UTM features:
UTM database updates are not supported.
Application ID (AppID) custom signatures are not supported.
In Junos Space Security Director, for IPsec and routing features, certificates for AutoVPN must be generated from the CLI. All other IPsec settings can be configured using Junos Space Security Director.