Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Authentication and Access Control

  • Authentication options for dynamic address feed downloads (SRX Series Firewalls and vSRX 3.0)—You can authenticate dynamic address feed servers before downloading feeds into the vSRX 3.0.. Use the new authentication options, user-name and password, to securely obtain feeds from local or remote webservers. This feature facilitates automatic scaling of business operations and Layer 7 services.

    To configure this authentication, use:

    • set security dynamic-address feed-server feed-server user-name user-name

    • set security dynamic-address feed-server feed-server password password

    [See Configuring Security Policies, dynamic-address | Junos OS | Juniper Networks, and show security dynamic-address | Juniper Networks.]

  • SSH enhancements for algorithm configuration (all Junos OS platforms)—We've made the following updates to SSH algorithms:

    • The CLI command set system services ssh ca-signature-algorithms should be used to configure the signature algorithms that are allowed for certificate authorities (CAs) to use when signing certificates.

    • Under the system services ssh hostkey-algorithm-list hierarchy level, new options are introduced:

      • set system service ssh hostkey-algorithm-list rsa-sha2-256

      • set system service ssh hostkey-algorithm-list rsa-sha2-512

      These options enable RSA hostkey signatures using the SHA-256 hash algorithm and SHA-512 hash algorithm.

    • RSA signatures using the SHA-1 hash algorithm have been disabled by default. Consequently, the CLI command set system services ssh hostkey-algorithm-list rsa has been deprecated.

    [See hostkey-algorithm-list.]