Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Application Identification (AppID)

  • Application signature package installation enhancements (SRX Series Firewalls and vSRX)—Starting in Junos OS Release 24.2R1, we've enhanced application signature package installation with the following changes:

    • During application signature package installation, the system performs data plane validation. This validation checks for errors in the package. If successful, the installation proceeds. If errors are found, the installation stops and reverts to the previous active version.

    • When using a chassis cluster setup, the system first installs the application signature package on the primary node and checks for any issues or problems. If the validation is successful, it then proceeds to install the same package on the secondary node.

    • The auto rollback feature now enables the system to revert to a previously working version of the application signature package. Additionally, it retains the previously designated rollback version in the event of any issues during application signature package installation.

    New enhancements ensure a smooth transition by reverting to a known working version if needed.

    See [Application Signatures for Application Identification].

  • CASB support (SRX300, SRX320, SRX340, SRX345, SRX380, SRX1500, SRX4100, SRX4200, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)—Starting in Junos Release OS 24.2R1, SRX Series Firewalls support Cloud Access Security Broker (CASB).

    CASB discovers SaaS applications in use and provides visibility and granular controls to protect and manage access to cloud applications. On SRX Series Firewalls, CASB provides inline activity control for the following set of cloud applications:

    • Box
    • Dropbox
    • Salesforce
    • Google Docs
    • OneDrive
    • SharePoint
    • Slack
    • Gmail

    See [Cloud Access Security Broker (CASB) Policy].

  • SSL proxy enhancements (SRX Series Firewalls and vSRX3.0)—Starting in Junos OS Release 24.2R1, we introduce following enhancements for SSL proxy on SRX Series Firewalls:

    • Support of SNI extension at SSL initiation (SSL-I).
    • Support of certificate chain at SSL-I for client certificate verification.
    • Support for P-384, P-512 EC group for SSL proxy profile in addition to P-256.
    • Support for new ECDSA ciphers for SSL initiation and SSL termination profiles in non-proxy mode:
      • ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      • ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
      • ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
      • ECDHE_ECDSA_WITH_AES_256_CBC_SHA
      • ECDHE_ECDSA_WITH_AES_128_CBC_SHA
      • ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    • New syslog messages for SSL configurations.
      • SSL_CONFIG_MEMORY_ALLOCATION_FAILURE— For memory allocation
      • SSL_CONFIG_PROFILE_PROCESS_ERR —For SSL profile processing
      • SSL_CONFIG_CERT_PROCESS_ERR— For SSL certificate processing.
      • SSL_GLOBAL_CONFIG_PROCESS_ERR—For SSL global configuration.
      • SSL_CONFIG_PKI_IPC_ERR— For IPC communication for SSL-PKI

      See [ Cipher Suites for SSL Proxy.]