What’s Changed in Release 22.1R1
Junos OS API and Scripting
-
The
<request-system-zeroize>
RPC response indicates when the device successfully initiates the requested operation (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When the<request-system-zeroize>
RPC successfully initiates the zeroize operation, the device emits the<system-zeroize-status>zeroizing re0</system-zeroize-status>
response tag to indicate that the process has started. If the device fails to initiate the zeroize operation, the device does not emit the<system-zeroize-status>
response tag.
Network Management and Monitoring
-
Junos XML protocol Perl modules deprecated (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—We no longer provide the Junos XML protocol Perl client for download. To use Perl to manage Junos devices, use the NETCONF Perl library instead.
[See Understanding the NETCONF Perl Client and Sample Scripts.]
-
Changes when deactivating or deleting instances of the ephemeral configuration database (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—The following changes apply when you deactivate or delete ephemeral database instances in the static configuration database:
-
When you deactivate the entire
[edit system configuration-database ephemeral]
hierarchy level, the device deletes the files and corresponding configuration data for all user-defined ephemeral instances. In earlier releases, the files and configuration data are preserved; however, the configuration data is not merged with the static configuration database. -
When you delete an ephemeral instance in the static configuration database, the instance's configuration files are also deleted. In earlier releases, the configuration files are preserved.
-
You can delete the files and corresponding configuration data for the default ephemeral database instance by configuring the
delete-ephemeral-default
statement in conjunction with theignore-ephemeral-default
statement at the[edit system configuration-database ephemeral]
hierarchy level.
[See Enable and Configure Instances of the Ephemeral Configuration Database.]
-
Platform and Infrastructure
-
Include IPv6 address in a self-signed certificate (SRX Series devices and vSRX3.0)— We support manual generation of a self-signed certificate for the given distinguished name using IPv6 address in addition to the IPv4 address that was supported earlier. Use the
request security pki local-certificate generate-self-signed
command withipv6-address
option to include ipv6 address in a self-signed certificate.
Unified Threat Management (UTM)
-
Content filtering CLI updates (SRX Series and vSRX)—Starting in Junos OS Release 22.1R1, we've the following updates to the content filtering CLI:
- Trimmed the list of file types supported for content filtering rule
match criteria. Instead of uniquely representing different variants of a
file type, now only one
file-type
string represents all variants. Hence, theshow security utm content-filtering statistics
output is also updated to align with the new file types available in the rule match criteria. - Renamed the content filtering security logging option
seclog
tolog
to match with the Junos OS configuration standard. - Rephrased the
reason
string associated with content filtering security log message.
[See content-filtering (Security UTM Policy), content-filtering (Security Feature Profile), and show security utm content-filtering statistics.]
- Trimmed the list of file types supported for content filtering rule
match criteria. Instead of uniquely representing different variants of a
file type, now only one
User Interface and Configuration
-
Load JSON configuration data with unordered list entries (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—The Junos schema requires that list keys precede any other siblings within a list entry and appear in the order specified by the schema. Junos devices provide two options to load JSON configuration data that contains unordered list entries:
-
Use the
request system convert-json-configuration
operational mode command to produce JSON configuration data with ordered list entries before loading the data on the device. -
Configure the
reorder-list-keys
statement at the[edit system configuration input format json]
hierarchy level. After you configure the statement, you can load JSON configuration data with unordered list entries, and the device reorders the list keys as required by the Junos schema during the load operation.
When you configure the
reorder-list-keys
statement, the load operation can take significantly longer to parse the configuration, depending on the size of the configuration and number of lists. Therefore, for large configurations or configurations with many lists, we recommend using therequest system convert-json-configuration
command instead of thereorder-list-keys
statement.[See json and request system convert-json-configuration.]
-
VPNs
-
Deprecating IPsec Manual VPN Configuration Statement (SRX Series Devices and vSRX running kmd process)—Starting in Junos OS Release 22.3R1, we’ll be deprecating the Manual IPsec VPN (flow mode). This means that you cannot establish a manual IPsec security association (SA) using the
[edit security ipsec vpn vpn-name manual]
configuration hierarchy.As part of this change, we’ll be deprecating the
[edit security ipsec vpn
hierarchy level and its configuration options.vpn-name
manual][See manual.]
-
IKEv1 Tunnel establishment not allowed with HSM enabled (vSRX3.0)—On vSRX 3.0, you can safeguard the private keys used by
pkid
andiked
processes using Microsoft Azure Key Vault hardware security module (HSM) service. But, you cannot configure Internet Key Exchange version 1 (IKEv1) after enabling the HSM service. If you still try to configure IKEv1 when HSM is enabled, a warning message is displayed. -
Save User Credentials on Juniper Secure Connect Application (SRX Series and vSRX)—As a system administrator, you can now allow a user to save username or username and password for easy access:
-
using
set client-config name credentials username
option at theedit security remote-access
hierarchy level to save the username. -
using
set client-config name credentials password
option at theedit security remote-access
hierarchy level to save both the username and password.
Note that you cannot configure both
username
andpassword
options at the same time. If you have not configured any of the credentials configuration options, then the application does not remember the user credentials.[See client-config (Juniper Secure Connect) and Juniper Secure Connect Application Overview.]
-