ON THIS PAGE
What's Changed
Learn about what changed in the Junos OS main and maintenance releases for SRX Series.
Unified Threat Management (UTM)
-
Content filtering CLI updates (SRX Series and vSRX)—We've the following updates to the content filtering CLI:
- Trimmed the list of file types supported for content filtering rule
match criteria. Instead of uniquely representing different variants of a
file type, now only one
file-type
string represents all variants. Hence, theshow security utm content-filtering statistics
output is also updated to align with the new file types available in the rule match criteria. - Renamed the content filtering security logging option
seclog
tolog
to match with the Junos OS configuration standard. - Rephrased the
reason
string associated with content filtering security log message.
[See content-filtering (Security UTM Policy), content-filtering (Security Feature Profile), and show security utm content-filtering statistics.]
- Trimmed the list of file types supported for content filtering rule
match criteria. Instead of uniquely representing different variants of a
file type, now only one
VPNs
- Unable to connect with OCSP Server for Revocation Check (SRX Series Devices
and vSRX)—When performing revocation check using OCSP, the SRX device
does not attempts to connect with the OCSP server when the OCSP server URL
contains a domain name that the DNS server cannot resolve. In this case, when
the SRX device cannot establish connection to the OCSP server and when one of
the following configuration options is set, the OCSP revocation check will
either allow or fallback to using CRL:
- set security pki ca-profile OCSP-ROOT revocation-check ocsp connection-failure disable
- set security pki ca-profile OCSP-ROOT revocation-check ocsp connection-failure fallback-crl
When the SRX device cannot establish connection to the OCSP server and if these options are not configured, then the certificate validation fails.
[See ocsp (Security PKI).]