Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


What’s Changed

Learn about what changed in this release for PTX Series.

Authentication and Access Control

  • SHA-1 password format deprecated (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX and vSRX)—We've removed the sha1 option at the [edit system login password format] hierarchy level because SHA-1 is no longer supported for plain-text password encryption.

General Routing

  • OpenConfig container names for Point-to-Multipoint per interface ingress and egress sensors are modified for consistency from "signalling" to "signaling".

Junos XML API and Scripting

  • Refreshing scripts from an HTTPS server requires a certificate (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)–When you refresh a local commit, event, op, SNMP, or Juniper Extension Toolkit (JET) script from an HTTPS server, you must specify the certificate (Root CA or self-signed) that the device uses to validate the server's certificate, thus ensuring that the server is operational mode command, include the cert-file option and authentic. In earlier releases, when you refresh scripts from an HTTPS server, the device does not perform certificate validation. When you refresh a script using the request system scripts refresh-from specify the certificate path. Before you refresh a script using the set refresh or set refresh-from configuration mode command, first configure the cert-file statement under the hierarchy level where you configure the script. The certificate must be in Privacy-Enhanced Mail (PEM) format.

    See request system scripts refresh-from.

    See cert-file.

Network Management and Monitoring

  • Support for automatically synchronizing an ephemeral instance configuration upon committing the instance (EX Series, MX Series, MX Series Virtual Chassis, PTX Series, QFX Series, and vMX)—You can configure an ephemeral database instance to synchronize its configuration to the other Routing Engine every time you commit the ephemeral instance on a dual Routing Engine device or an MX Series Virtual Chassis. To automatically synchronize the instance when you commit it, include the synchronize statement at the [edit system commit] hierarchy level in the ephemeral instance's configuration.

    See Commit and Synchronize Ephemeral Configuration Data Using the NETCONF or Junos XML Protocol.

  • Changes to the NETCONF [edit-config] RPC response (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—When the [edit-config] operation returns an error, the NETCONF server does not emit a load-error-count element in the RPC response. In earlier releases, the [edit-config] RPC response includes the load-error-count element when the operation fails.

Routing Protocols

  • SSH TCP forwarding disabled by default—We've disabled the SSH TCP forwarding feature by default to enhance security. To enable the SSH TCP forwarding feature, you can configure the allow-tcp-forwarding statement at the edit system services ssh hierarchy level.

    In addition, we?ve deprecated the tcp-forwarding and no-tcp-forwarding statements at the edit system services sshhierarchy level.

    [See services (System Services).]