Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Device Security

  • Maintain flow session stability during policy configuration changes (SRX1500, SRX1600, SRX2300, SRX4100, SRX4200, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX)—You can maintain flow session stability during security policy configuration commits. Changes such as policy match condition modifications, policy addition or deletion, policy swap, or policy order alteration can disrupt flow sessions. These disruptions can affect Packet Forwarding Engine configuration data, potentially impacting ongoing policy searches and leading to incorrect or default policy selection.

    To prevent this disruption and to maintain flow session stability, use the set security policies lookup-intact-on-commit command.

    [See Configuring Security Policies.]

  • Enhanced policy configuration synchronization (SRX Series Firewalls and vSRX Virtual Firewall)—Use file serialization to propagate policy configuration changes to the data plane. This method serializes policy configurations into files, ensuring that the Packet Forwarding Engine applies them reliably.

    Enabled by default, file serialization minimizes security policy mismatches and boosts system reliability.

    [See Configuring Security Policies and file-serialization.]