Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

What's Changed

Learn about changes to Connected Security Distributed Services (CSDS) Architecture in this release.

  • No support for enhanced-mode with Express Path (MX304 and vSRX 3.0)—In the CSDS Architecture, vSRX Virtual Firewall cannot offload sessions to the MX Series router when you configure egress and ingress filters on the firewall. The firewall doesn't support the enhanced-mode option at the [edit firewall inet filter filter-name] hierarchy. The behavior of the Express Path in vSRX Virtual Firewall is similar to the functionality in SRX Series Firewalls without the enhanced-mode option.

  • Run CSDS CLI commands as root user (MX240, MX304, MX480, MX960, MX10004, and MX10008)—Run CSDS CLI operations as the root user to ensure successful execution of maintenance commands for key exchange, authentication, and JDM interactions.

    Run the following commands as root user:

    • request csds authenticate-host csds-instance-id csds-instance-id

    • request csds jdm add csds-instance-id csds-instance-id image vsrx-image-with-path

    • request csds add-vsrx csds-instance-id csds-instance-id image image-name

    • request csds extract-vsrx-keys csds-instance-id csds-instance-id

    • request csds sync-controller other-controller-ip other-controller-ip

    • request csds delete-vsrx csds-instance-id csds-instance-id

    If a non-root user runs these commands, you'll see the following warning message:

    warning: Must be logged in as root to execute command.

    [See request csds add-vsrx, request csds authenticate-host, request csds delete-vsrx, request csds extract-vsrx-keys, request csds jdm, and request csds sync-controller.]