Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?



  • Support for dynamic update of trusted CA bundle (SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, vSRX 3.0 and NFX350)—Starting in Junos OS Release 23.2R1, we support the dynamic update of default trusted CA certificates. With this feature, you have the latest list of default trusted CA certificates on Junos OS devices. You can easily download, install, and update the certificate bundle periodically.

    [See Dynamic Update of Trusted CA Certificates.]

  • Support for additional platform for cryptographic acceleration techniques (SRX1500, SRX4100, SRX4200, SRX4600)—Starting in Junos OS Release 23.2R1, the SRX Series Firewalls (SRX1500, SRX4100, SRX4200, SRX4600) offload the DH, ECDH and ECDSA cryptographic operations to the hardware cryptographic engine. We already support these operations on SRX5000 line of devices and vSRX 3.0. The SRX5000 line of devices continue to offload the cryptographic operations to the hardware cryptographic engine whereas the vSRX Virtual Firewall continues to offload these operations to a data plane CPU thread. This feature requires that the junos-ike package is installed on all the devices.

    [See Cryptographic acceleration support on SRX5K-SPC3 Card, SRX mid-range platforms and vSRX Virtual Firewall.]

  • PKI support (cSRX)—Starting in Junos OS Release 23.2R1, cSRX supports Public Key Infrastructure (PKI) to manage certificates.

    Use the request security pki encryption-password set plain-text-password and show security pki encryption-key-status commands to verify the PKI encryption status.

    [See Public Key Infrastructure (PKI) and cSRX Deployment Guide for Bare-Metal Linux Server.]