New and Changed Features
This section describes the new features and enhancements to existing features in Junos Space Security Director Release 22.2R1.
Polymorphic address support in source and destination addresses for NAT rules—Starting in Security Director Release 21.3R1 hot patch v3, while creating NAT rules for a group policy, you can select a polymorphic address as the source or destination address. The rule points to the default address if the device IP address does not match any of the context values in the polymorphic address. If there is a match, the address corresponding to the context value is considered as the source or destination address of the rule.
Note:Polymorphic addresses are not supported in static NAT destination addresses.
Support for disabling service offload in Security Director—Starting in Security Director Release 21.3R1 hot patch v3, we’ve provided options to delete the configured service and disable services offload for standard and unified firewall policies.
You can select from the following options:
None—Select to delete the configured service from the device.
Enable—Select to enable services offload. When services offload is enabled, only the first packets of a session go to the SPU. The rest of the packets in services offload mode do not go to the SPU; therefore, some security features such as stateful screen are not supported. You can offload services only for TCP and UDP packets.
Disable—Select to disable services offload.
Note:Both logical systems and tenant systems support the disable services offload feature.
Support to terminate CLI/J-Web edit mode user session—Starting in Security Director Release 21.3R1 hot patch v3, when you retry the update job on devices that failed due to device lock failures, you can terminate CLI user sessions on a device from Security Director.
To terminate the user session:
Select Monitor > Job Management.
Select the job, and then from the More list select Retry on Failed Devices.
The Retry Update Failed Devices page is displayed.
Select the Evict CLI/J-Web edit mode users option.
For new features and enhancements in Policy Enforcer, see Policy Enforcer Release Notes.