Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Junos OS Features Supported in cSRX for Contrail HBF

cSRX provides Layer 4 through 7 secure services for a Contrail HBF in a containerized environment.Table 1 provides a high-level summary of the security features supported on cSRX.

To determine the Junos OS features supported on cSRX, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. See Feature Explorer.

Table 1: Security Features Supported on cSRX HBF

Security Features


Application Tracking (AppTrack)

Understanding AppTrack

Application Firewall (AppFW)

Application Firewall Overview

Application Identification (AppID)

Understanding Application Identification Techniques

Basic Firewall Policy

Understanding Security Basics

Brute force attack mitigation

DoS/DDoS protection

DoS Attack Overview

DoS Attack Overview

Intrusion Prevention System (IPS)

For SRX Series IPS configuration details, see:

Understanding Intrusion Detection and Prevention for SRX Series


Understanding IPv4 Addressing


Supports two revenue (ge) interfaces.

Out-of-band management Interface (eth0

In-band interfaces (ge-0/0/0 to ge-0/0/1)

Jumbo Frames

Understanding Jumbo Frames Support for Ethernet Interfaces

SYN cookie protection

Understanding SYN Cookie Protection

Malformed packet protection


Supports secure-wire mode forwarding only.

Unified Threat Management (UTM)

Includes support for all UTM functionality on the cSRX platform, such as:

  • Antispam

  • Sophos Antivirus

  • Web filtering

  • Content filtering

For SRX Series UTM configuration details, see:

Unified Threat Management Overview

For SRX Series UTM antispam configuration details, see:

Antispam Filtering Overview

User Firewall

Includes support for all user firewall functionality on the cSRX platform, such as:

  • Policy enforcement with matching source identity criteria

  • Logging with source identity information

  • Integrated user firewall with active directory

  • Local authentication

For SRX Series user firewall configuration details, see:

Overview of Integrated User Firewall

Zones and Zone based IP spoofing

Understanding IP Spoofing