Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?



  • New MIC for MPC2E-3D and MPC3E-3D line cards—Starting in Junos OS Release 24.2R1, the MPC2E-3D and MPC3E-3D line cards support MIC-3D-10GbE-SFP-E Modular Interface Card (MIC). This MIC offers crucial 1 G/10 GbE port compatibility for MPC2E-NG and MPC3E-NG supported line cards on the MX240, MX480, MX960, MX2010, and MX2020 chassis. In addition to port compatibility, this MIC offers crucial capabilities, including Media Access Control Security (MACsec) and Precision Time Protocol (PTP) (Class B) support, catering to timing applications and meeting the requirements of federal and service provider customers. This MIC ensures seamless integration and compatibility across various deployment scenarios on the MX Series platforms.

    Table 1: Features Supported for MIC-3D-10GE-SFP-E



    • The 10x10GbE SFPP and 10x1GbE SFP MIC supports the MPC2E-NG and MPC3E-NG line cards on the MX240, MX480, MX960, MX2010, and MX2020 routers.This MIC has 10 ports that support 1-Gbps small form-factor pluggable (SFP) and 10-Gbps small form-factor pluggable plus (SFP+) transceivers along with PTP and MACsec capabilities.

      [See pic-mode and number-of-ports.]

    • We support a new MIC, MIC-3D-10GbE-SFP-E, for the MPC2E-3D-NG, MPC2E-3D-NG-Q, MPC3E-3DNG, and MPC3E-3D-NG-Q line cards.The MIC has ten 10GbE ports that support SFP and SFP+ transceivers. The ports provide MACsec support.

      [See MICs Supported by MX Series Routers.]

    High availability and resiliency

    • Support for MIC (MIC-3D-10GbE-SFP-E) resiliency in MX Series devices.

    • Support for MIC with 1GbE SFP or 10GbE SFP+ ports along with PTP and MACsec capabilities on the line cards.

      [See Port Speed on MX Routers]

    • Supported transceivers, optical interfaces, and DAC cables—Select your product in the Hardware Compatibility Tool to view the supported transceivers, optical interfaces, and direct attach copper (DAC) cables for your platform or interface module. We update the HCT and provide the first supported release information when the optic becomes available.

    • Oversubscription and preclassification support for MIC MIC-3D-10GbE-SFP-E on MX Series devices.

      [See Oversubscription.]


    • Support for Media Access Control Security (MACsec) on physical and virtual interfaces with GCM-AES-128, GCM-AES-256, GCM-AES-XPN-128, and GCM-AES-XPN-256 encryption. Both physical and virtual interfaces support static connectivity association key (CAK) mode. Only physical interfaces support dynamic CAK mode, preshared key (PSK) hitless rollover keychain, and aggregated Ethernet.

      [See Configuring MACsec.]

    • Precision Time Protocol with Media Access Control Security encryption (MIC-3D-10GbE-SFP-E) enables the simultaneous support of Precision Time Protocol (PTP) and Media Access Control Security (MACsec) encryption on a single port.

      The following limitations apply:

      • The maximum number of MACsec-enabled logical interfaces (IFL) is 200 per system.

      • The maximum number of MACsec-enabled ports with physical interfaces (IFDs) and IFLs where MACsec and PTP are enabled together on different ports is 200 per system.

      • The maximum number of IFLs that can be supported on both 1G and 10G ports is 128.

      • PTP in clear text mode is not supported.


    • Synchronous Ethernet with G.8262 standard support on MIC-3D-10GbE-SFP-E. We support Synchronous Ethernet with G.8262 in compliance with the following International Telecommunication Union Telecommunication Standardization (ITU-T) standard to facilitate the transference of clock signals over the Ethernet physical layer.

      Synchronous Ethernet (G.8262). Timing and synchronization aspects in packet networks. Specifies timing characteristics of synchronous Ethernet equipment clock (EEC).

      [See Synchronous Ethernet.]

    • Precision Time Protocol with G.8275.1 standard support on MIC-3D-10GbE-SFP-E. We support Precision Time Protocol with G.8275.1 in compliance with the following International Telecommunication Union Telecommunication Standardization (ITU-T) standards to facilitate distribution of precise time and frequency over packet-switched Ethernet networks.
      • G.8275.1—PTP profile for phase and time (full timing support)

      • G.8275.1—PTP profile for phase and time over link aggregation group (LAG)

      [See Precision Time Protocol.]

  • New SRX4300 Firewall—Starting in Junos OS Release 24.2R1, we introduce the midrange SRX4300 Firewall. The SRX4300 Firewall provides next-generation firewall capabilities and advanced threat detection and mitigation. This firewall is ideal for small and medium sized enterprise edge, campus edge, data center edge firewall, and secure VPN router deployments for distributed enterprise use cases.

    Table 2: Features Supported on SRX4300 Firewall




    • Chassis and field-replaceable unit (FRU) management support, including:

      • Temperature threshold monitoring using sensors

      • Power supply unit (PSU) control

      • PIC detection

      • Fabric management

      • Fan speed adjustment as per EM policy

      [See Configuring Ambient Temperature and Chassis-Level User Guide.]

    Chassis Cluster

    Class of service (CoS)


    • The SRX4300 is a 1-U chassis with the following ports:

      • Eight 10 multi-rate Gigabit Ethernet interface (mge) BASE-T ports

      • Eight 10-Gigabit Ethernet (GbE) SFP+ ports

      • Four 25GbE SFP28 ports

      • Six 100GbE QSFP28 ports

      • Two 1GbE SFP HA ports

      All ports are MACsec capable and support both AC and DC variants.

      To install the SRX4300 hardware and perform initial software configuration, routine maintenance, and troubleshooting, see SRX4300 Firewall Hardware Guide.

      [See Feature Explorer for the complete list of features for any platform.]

    High availability (HA) and resiliency

    • Support for BFD

      • Support up to 3 x 300-millisecond (msec) failure detection time

      • Support up to 100 BFD sessions

      [See Understanding BFD for Static Routes for Faster Network Failure Detection and Understanding How BFD Detects Network Failures.]

    • Multinode High Availability supports Auto Discovery VPN (ADVPN) in node-local tunnel deployment.

      Node-local tunnels enhance Multinode High Availability by providing separate tunnels from a VPN peer device to both nodes in the setup. With ADVPN, VPN tunnels can be established dynamically between spokes. Combining ADVPN with Multinode High Availability in node-local tunnel deployment ensures robust network connectivity, efficient resource utilization, and seamless failover capability.

      [See IPsec VPN Support in Multinode High Availability.]

    • Support for Multinode High Availability in routing, hybrid, and default gateway modes

      [See Multinode High Availability.]

    • Provides platform software resiliency support for the following hardware components:

      • CPU

      • Peripheral Component Interconnect (PCI)

      • Memory

      • Inter-integrated circuit (I2C)

      • Temperature sensor

      • Fan

      • Power supply units (PSUs) in 1+1 redundancy mode

      When a hardware component fails, the Junos OS software:

      • Logs the message with failure details, including time stamp, module name, and component name.

      • Raises or clears alarms, if applicable.

      • Makes the LED glow to indicate FRU fault.

      • Performs local action, such as self-healing and taking the component out of service.

      [See Chassis-Level User Guide.]


    • Interfaces support includes four PICs with the following default speeds:

      • PIC 0 with 10 Gbps (Copper)

      • PIC 1 with 10 Gbps (SFP+)

      • PIC 2 with 25 Gbps (SFP28)

      • PIC 3 with 100 Gbps (QSFP28)

      Junos OS creates PIC 0 by default. You can create PIC 1, PIC 2, and PIC 3 interfaces by inserting SFP+, SFP28, and QSFP28 transceivers, respectively.

      [See Port Speed on SRX Series Firewalls.]

    • Mixed speed support on SFP28 ports.

      You can configure two options in PIC mode; 1GbE/10GbE combined and 25GbE.

      [See Port Speed on SRX Series Firewalls.]

    Junos telemetry interface (JTI)

    • Stream data from a device to a collector using basic JTI sensors and new flow monitoring sensors. Junos OS supports the following flow sensors:

      • PIC CPU utilization /junos/security/spu/cpu

      • Flow session and flow packets /junos/security/spu/flow

      • Flow session and flow packets for logical systems /junos/security/spu/flow/lsys

      [For state sensors, see Junos YANG Data Model Explorer.]

    Layer 7 security features


    • Support for MACsec in static CAK mode on physical interfaces with the following encryptions:

      • GCM-AES-128

      • GCM-AES-256

      • GCM-AES-XPN-128

      • GCM-AES-XPN-256

      Channelized ports and switch-to-switch connections support this feature.

      [See Configuring MACsec.]

    Network management and monitoring

    Remote access

    Services applications

    Software Installation and Upgrade

    User access and authentication administration

    Support for Trusted Platform Module (TPM)-based certificates for advanced anti-malware (AAMW) protection To use the TPM-based certificates:

    • The device loads the TPM-based certificate using PKI during the device's start and restart operations. To view the TPM-based certificate ID, referred to as idev-id, use the show security pki node-local local-certificate certificate-id idev-id command.

    • The SSL Initiation uses the certificate for Transport Layer Security (TLS) connection to authenticate the device. You can configure the tpm option using the set services ssl initiation profile profile-name crypto-hardware-offload command.

    See show security pki node-local local-certificate and profile (SSL Initiation).]