Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

VPNs

  • Deprecated IPsec manual VPN configuration statement (SRX Series devices and vSRX instances that run the kmd process))—Starting in Junos OS Release 22.3R1, we’ve deprecated the manual IPsec VPN (flow mode) configuration. Therefore, you cannot establish a manual IPsec security association through the [edit security ipsec vpn vpn-name manual] configuration hierarchy.

    [See manual (Security IPsec).]

  • Chassis Cluster HA control link encryption (SRX5000 line of devices with SPC3 card)—Starting in Junos OS Release 22.3R1, we support Chassis Cluster HA control link encryption. The Chassis Cluster HA control link encryption protects traffic between the HA nodes using the trusted IPSec protocols.

    With Chassis Cluster HA link encryption tunnel, any security sensitive parameters or critical security parameters exchanged over the control link between the two chassis in chassis cluster mode are protected using IPSec. Using IPSec for internal communication between nodes, information such as, configuration information and IKE HA messages that passes through the chassis cluster link from the primary node to the secondary node is protected from active and passive eavesdropping.

    To activate Chassis Cluster HA control link encryption, use the below commands:

    • set groups node0 security ipsec vpn <vpn-name> ha-link-encryption

    • set groups node1 security ipsec vpn <vpn-name> ha-link-encryption

    [See Chassis Cluster HA Control Link Encryption, show security ipsec security-associations, show security ike security-associations, show security ipsec security-associations, show security ipsec statistics, clear security ike security-associations, and clear security ipsec security-associations.]