Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

What's Changed

Learn about what changed in the Junos OS main and maintenance releases for SRX Series.

Unified Threat Management (UTM)

  • Content filtering CLI updates (SRX Series and vSRX)—We've the following updates to the content filtering CLI:

    • Trimmed the list of file types supported for content filtering rule match criteria. Instead of uniquely representing different variants of a file type, now only one file-type string represents all variants. Hence, the show security utm content-filtering statistics output is also updated to align with the new file types available in the rule match criteria.
    • Renamed the content filtering security logging option seclog to log to match with the Junos OS configuration standard.
    • Rephrased the reason string associated with content filtering security log message.

    [See content-filtering (Security UTM Policy), content-filtering (Security Feature Profile), and show security utm content-filtering statistics.]

VPNs

  • Unable to connect with OCSP Server for Revocation Check (SRX Series Devices and vSRX)—When performing revocation check using OCSP, the SRX device does not attempts to connect with the OCSP server when the OCSP server URL contains a domain name that the DNS server cannot resolve. In this case, when the SRX device cannot establish connection to the OCSP server and when one of the following configuration options is set, the OCSP revocation check will either allow or fallback to using CRL:
    • set security pki ca-profile OCSP-ROOT revocation-check ocsp connection-failure disable
    • set security pki ca-profile OCSP-ROOT revocation-check ocsp connection-failure fallback-crl

    When the SRX device cannot establish connection to the OCSP server and if these options are not configured, then the certificate validation fails.

    [See ocsp (Security PKI).]