Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

EVPN

  • EVPN-VXLAN tunnel inspection (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 21.1R1, we've introduced the following enhancements to the VXLAN support for SRX Series devices:

    • Support for SRX5000 line of devices in addition to the SRX4000 line and vSRX

    • Enhancements to tunnel inspection for VXLAN-encapsulated traffic by applying Layer 4 or Layer 7 security services to the tunnel traffic. The supported services are:

      • Application identification
      • IDP
      • Juniper Advanced Threat Prevention (ATP Cloud)
      • Unified threat management (UTM)

    Layer 7 security services provide application-level security and protect users from security threats through VXLAN tunnel.

    [See Configuring Tunnel Traffic Inspection.]

  • Security policy enhancement for EVPN-VXLAN tunnel inspection (SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—Starting in Junos OS Release 21.1R1, we've enhanced EVPN-VXLAN tunnel inspection by adding zone-level policy control for the inner traffic. When you create a policy that applies to the inner session created by VXLAN inner header, you can define the following parameters as match conditions for the inner traffic:

    • Source zone
    • Destination zone
    • URL category
    • Dynamic applications

    Additional matching criteria in the security policy provide granular control and extensibility to manage traffic.

    [See Configuring Tunnel Traffic Inspection.]