Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?



  • Enhancements to increase traffic selector flexibility (SRX Series)—Starting in Junos OS Release 21.1R1, you can do the following to add flexibility to your traffic selectors in different deployment scenarios:

    • Configure the routing metric for a traffic selector.

    • Define the source port range, destination port range, and protocol for a traffic selector.

    • Define multiple terms within a traffic selector, instead of creating multiple traffic selectors (or child security associations or SAs) for a VPN. Each term comprises the local and remote IP prefixes, the source and destination port ranges, and the protocol identifier. You can use these parameters in a single IPsec SA negotiation. In earlier Junos OS releases, you configure each traffic selector with one set of local and remote IP prefixes to be used in an IPsec SA negotiation with a peer.

    [See traffic-selector and show security ipsec security-associations detail.]