What’s Changed
Learn about what changed in this release for vSRX.
Platform and Infrastructure
-
SRX Series devices does not drop session with server certificate chain more than 6.
Unified Threat Management (UTM)
-
Content filtering CLI updates (SRX Series and vSRX)—We've the following updates to the content filtering CLI:
-
Trimmed the list of file types supported for content filtering rule match criteria. Instead of uniquely representing different variants of a file type, now only one
file-type
string represents all variants. Hence, theshow security utm content-filtering statistics
output is also updated to align with the new file types available in the rule match criteria. -
Renamed the content filtering security logging option
seclog
tolog
to match with the Junos OS configuration standard. -
Rephrased the
reason
string associated with content filtering security log message.
-
[See show security utm content-filtering statistics, content-filtering (Security Feature Profile), and content-filtering (Security UTM Policy).]
VPNs
-
IKEv1 Tunnel establishment not allowed with HSM enabled (vSRX3.0)—On vSRX 3.0, you can safeguard the private keys used by
pkid
andiked
processes using Microsoft Azure Key Vault hardware security module (HSM) service.But, you cannot configure Internet Key Exchange version 1 (IKEv1) after enabling the HSM service. If you still try to configure IKEv1 when HSM is enabled, a warning message is displayed.
VPNs
-
Changes to IP address byte order (vSRX 3.0)—In syslog messages for KMD_VPN_DOWN_ALARM_USER and KMD_VPN_UP_ALARM_USER, the IP address byte order now appears in the correct order as against the reverse byte order which was appearing in earlier releases.