Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Application Identification (AppID)

  • TLS version 1.3 support for SSL proxy (SRX Series)—Starting in Junos OS Release 21.2R1, Secure Sockets Layer (SSL) proxy supports the Transport Layer Security (TLS) protocol version 1.3, which provides improved security and better performance. TLS version 1.3 supports the following cipher suites:

    • TLS_AES_256_GCM_SHA384

    • TLS_AES_128_GCM_SHA256

    • TLS_CHACHA20_POLY1305_SHA256

    • TLS_AES_128_CCM_SHA256

    • TLS_AES_128_CCM_8_SHA256

    [See SSL Proxy.]

  • Application-based multipath routing (AMR) improvements (NFX150, NFX250, NFX350, SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX550 HM, and vSRX)—Starting in Junos OS release 21.2R1, we've introduced the following improvements for AMR:
    • Support for the traffic in reverse direction
    • Queuing mechanism for out-of-order packets at the receiving device
    • Association of AMR rules and service-level agreement (SLA) rules with advanced policy-based routing (APBR) rule in an APBR profile
    • Link selection option that includes overlay interfaces such as GRE and secure tunnel
    • Enablement of AMR in one of the two modes—SLA violation mode or standalone mode
    • Support for IPv6 traffic
    • Support for AMR over IPsec and GRE sessions

    [See Application-Based Multipath Routing.]

  • Multicast support in SD-WAN deployments (NFX150, NFX250, NFX350, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, SRX4100, SRX4200, SRX4600, vSRX )—Starting in Junos OS Release 21.2R1, we've added support for multicast traffic on SRX Series devices in Provider Edge (PE) for SD-WAN deployments. The support for multicast traffic is available when the security device is operating with forwarding option set as flow-based.

    Support for multicast traffic results in bandwidth preservation and more efficient traffic flows.

    See [ mode (Security Forwarding Options) and Virtual Routing and Forwarding Instances in SD-WAN Deployments].

  • SLA link preference enhancement (NFX150, NFX250, NFX350, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550 HM, SRX1500, SRX4100, SRX4200, SRX4600, and vSRX)—Starting in Junos OS Release 21.2R1, SLA link preference for security device interfaces supports custom link tags. You can define the link preferences using the preferred-tag and affinity options.

    This enhancement allows application traffic to switch from a lower-priority link to a higher-priority link that meets SLA requirements.

    [See Understanding Link-Type Affinity for the Preferred Link and sla-rule.]

  • Application-based load balancing support for APBR (NFX150, NFX250, NFX350, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550 HM, SRX1500, SRX4100, SRX4200, SRX4600, and vSRX)—Starting in Junos OS Release 21.2R1, security devices support application-based load balancing for advanced policy-based routing (APBR). The APBR achieves load balancing by moving the application traffic in multiple WAN links using user-defined link selection criteria. The link selection criteria for application traffic depends on the link tag and link priority preference settings you defined for the advanced policy-based routing (APBR) interface. The application traffic distribution through the selected links depends on the link weight configuration.

    This feature improves the application traffic distribution performance for APBR and application quality of experience (AppQoE).

    [See Advanced Policy-Based Routing, sla-options, and interface.]