What's Changed

New fallback option for antivirus (SRX Series and vSRX)—We introduce the server-connection-err statement at the edit security utm default-configuration anti-virus fallback-options hierarchy level. This new statement enables you to configure the fallback actions when the device to Sophos server connection has an error due to following reasons:

• Sophos server configuration does not have an SSL initiation profile.

• Server host is not resolved.

• Outgoing interface IP is not available.

• Server to device connection creation failed due to internal errors.

We've also enhanced the show security utm anti-virus statistics output with the Server connection error counter.

See fallback-options (Security Antivirus Sophos Engine).

NETCONF <copy-config> operations support a file:// URI for copy to file operations (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The NETCONF <copy-config> operation supports using a file:// URI when <url> is the target and specifies the absolute path of a local file.

[See <copy-config>.]

Enhancements to IKE configuration management for clearing IKE stats on secondary node (SRX Series)—In Earlier Junos OS Releases, in a Chassis Cluster mode, the ike-config-Management (IKEMD) process did not respond to management requests on the secondary node. The command clear security ike stats, fails with the error message error: IKE-Config-Management not responding to management requests on the secondary node. Starting in Junos OS Release 22.4R3, the command runs successfully without the error on the secondary node.

Introduction of extensive option for IPsec security associations (MX Series, SRX Series and vSRX 3.0)—We've introduced the extensive option for the show security ipsec security-associations command. Use this option to display IPsec security associations with all the tunnel events. Use the existing detail option to display upto ten events in reverse chronological order.

See show security ipsec security-associations.