What's New

 

Learn about new features and enhancements to existing features introduced in Junos OS Release 20.1R1 for vSRX and vSRX 3.0.

For more information, see Overview of the available virtual SRX models, vSRX and vSRX 3.0.

Logical and Tenant Systems

  • Support for logical systems and tenant systems (vSRX and vSRX 3.0)—Starting in Junos OS Release 20.1R1, you can configure logical systems and tenant systems on vSRX and vSRX 3.0 instances.

    With Junos OS, you can partition a single security device into multiple logical devices that can perform independent tasks. You can partition a single device into the following secure contexts:

    • Logical systems

    • Tenant systems

    Each logical system has its own discrete administrative domain, logical interfaces, routing instances, security firewall, and other security features. A tenant system also partitions the SRX Series device into multiple logical domains, similar to logical systems, and provides high scalability.

    [See Junos OS Features Supported on vSRX, Logical Systems Overview, and Tenant Systems Overview.]

Management

  • Elastic Mode support with Resource Management (vSRX 3.0)—Starting in Junos OS Release 20.1R1, when vSRX 3.0 performs resource management, the vCPUs and RAM available to the instance are assigned based on what has been allocated prior to launching the instance. With this enhancement, the CLI output of the show chassis hardware command no longer displays the fixed core and memory sizes for vSRX 3.0 that it displayed previously.

    In public cloud environments such as AWS, Azure and Google Cloud Platform, where there are fixed core and memory instance types on offer, the vSRX 3.0 instance performs resource management based on the available cores and memory. Please refer to the public cloud documentation for more information on the configuration of vSRX 3.0 on supported instance types.

    [See show chassis hardware (View).]

User Access and Authentication

  • VPN support with Microsoft Azure Key Vault (HSM) (vSRX 3.0)—Starting in Junos OS Release 20.1R1, you can safeguard the private keys used by the PKI daemon and IKED using the Microsoft Azure Key Vault hardware security module (HSM) service. You can establish a PKI daemon-based VPN tunnel using the keypairs generated at the HSM. The HSM server creates and stores the keypairs and performs the needed keypair operations. To enable VPN support with HSM, you need to enable the master encryption key using the request security hsm master-encryption-password set plain-text-password configuration command. After you enable HSM, all previously created PKI daemon keypairs are deleted.

    [See Deployment of Microsoft Hardware Security Module on vSRX 3.0.]

VPN

  • PowerMode IPsec support (vSRX 3.0)—Starting in Junos OS Release 20.1R1, PowerMode IPsec is a new mode of operation for vSRX instances that provides IPsec performance improvements using Vector Packet Processing (VPP) and Intel AES-NI instructions. PowerMode IPsec is a small software block inside the SRXPFE (SRX Series Packet Forwarding Engine) that is activated when PowerMode is enabled.

    You enable PowerMode IPsec processing by using the set security flow power-mode-ipsec command.

    Note

    To disable PowerMode IPsec processing, use the delete security flow power-mode-ipsec command to delete the statement from the configuration and then reboot the vSRX VM.

    [See Juniper Networks Devices Processing Overview and Understanding Power Mode IPsec.]

  • Support for authentication and cipher algorithms in PowerMode IPsec mode (vSRX 3.0)—Starting in Junos OS Release 20.1R1, you can use authentication algorithms (SHA1: hmac-sha1-96 and SHA2: hmac-sha-256-128) and cipher algorithms (aes-128-cbc, aes-192-cbc, and aes-256-cbc) along with all the existing ciphers in PowerMode IPsec (PMI) mode on vSRX 3.0 instances.

    [See authentication (Security IPsec) and encryption (Security).]