What's Changed
Learn about what changed in this release for SRX Series.
Content Security
-
New fallback option for antivirus (SRX Series and vSRX)—We introduce the
server-connection-err
statement at theedit security utm default-configuration anti-virus fallback-options
hierarchy level. This new statement enables you to configure the fallback actions when the device to Sophos server connection has an error due to following reasons:-
Sophos server configuration does not have an SSL initiation profile.
-
Server host is not resolved.
-
Outgoing interface IP is not available.
-
Server to device connection creation failed due to internal errors.
We've also enhanced the
show security utm anti-virus statistics
output with theServer connection error
counter. -
Network Management and Monitoring
-
NETCONF
<copy-config>
operations support afile://
URI for copy to file operations (ACX Series, EX Series, MX Series, QFX Series, SRX Series, vMX, and vSRX)—The NETCONF<copy-config>
operation supports using afile://
URI when<url>
is the target and specifies the absolute path of a local file.[See <copy-config>.]
VPNs
-
Enhancements to IKE configuration management for clearing IKE stats on secondary node (SRX Series)—In Earlier Junos OS Releases, in a Chassis Cluster mode, the ike-config-Management (IKEMD) process did not respond to management requests on the secondary node. The command
clear security ike stats
, fails with the error messageerror: IKE-Config-Management not responding to management requests
on the secondary node. Starting in Junos OS Release 22.4R3, the command runs successfully without the error on the secondary node. -
Introduction of extensive option for IPsec security associations (MX Series, SRX Series and vSRX 3.0)—We've introduced the
extensive
option for theshow security ipsec security-associations
command. Use this option to display IPsec security associations with all the tunnel events. Use the existingdetail
option to display upto ten events in reverse chronological order.