Hot Patch Releases

This section describes the installation procedure and resolved issues in Junos Space Security Director Release 23.1R1 hot patch.

During hot patch installation, the script performs the following operations:

Blocks the device communication.
Stops JBoss, JBoss Domain Controller (JBoss-dc), and jmp-watchdog services.
Backs up existing configuration files and EAR files.
Updates the Red Hat Package Manager (RPM) files.
Restarts the watchdog process, which restarts JBoss and JBoss-dc services.
Unblocks device communication after restarting the watchdog process for device load balancing.
Note:
You must install the hot patch on Security Director Release 23.1R1 or on any previously installed hot patch. The hot patch installer backs up all the files which are modified or replaced during hot patch installation.

Installation Instructions

Perform the following steps in the CLI of the JBoss-VIP node only:

Download the Security Director 23.1R1 Patch vX from the download site.

Here, X is the hot patch version. For example, v1, v2, and so on.
Copy the SD23.1R1-hotpatch-vX.tgz file to the /home/admin location of the VIP node.
Verify the checksum of the hot patch for data integrity:

md5sum SD23.1R1-hotpatch-vX.tgz.
Extract the SD23.1R1-hotptach-vX.tgz file:

tar -zxvf SD23.1R1-hotpatch-vX.tgz
Change the directory to SD23.1R1-hotpatch-vX.

cd SD23.1R1-hotpatch-vX
Execute the patchme.sh script from the SD23.1R1-hotpatch-vX folder:

sh patchme.sh

The script detects whether the deployment is a standalone deployment or a cluster deployment and installs the patch accordingly.

A marker file, /etc/.SD23.1R1-hotpatch-vX, is created with the list of Red-hat Package Manager (RPM) details in the hot patch.

Note:

We recommend that you install the latest available hot-patch version, which is the cumulative patch.

New and Enhanced Features in the Hot Patch

Junos Space Security Director Release 23.1R1 hot patch includes the following enhancements:

Support for SRX2300—Starting in Junos Space Security Director Release 23.1R1 hot patch v3, we've provided support for SRX2300 device.
Support for SRX1600—Starting in Junos Space Security Director Release 23.1R1 hot patch v2, we've provided support for SRX1600 device.

Supported Devices in the Hot Patch

Table 1 lists the devices supported in Security Director 23.1R1 Hot Patch Releases.

Table 1: Supported Devices in the Hot Patch
Supported Device	Hot Patch Release Version
SRX1600	Junos Space Security Director 23.1R1 Hot Patch v2
SRX2300	Junos Space Security Director 23.1R1 Hot Patch v3

Resolved Issues in the Hot Patches

Table 2 lists the resolved issues in Security Director Release 23.1R1 hot patch.

Table 2: Resolved Issues in the Hot Patch
PR	Description	Hot Patch Version
PR1783380	When user tries to delete a security policy rule between two zones, Security Director generates two delete statements and the update fails.	v4
PR1782360	User is unable to create static route under Security Director 22.3R1.20 while using host/32.	v4
PR1774699	IP filter tab search is not working as expected.	v4
PR1763709	User is unable to publish a policy.	v4
PR1741484	User is unable to change password from Security Director > My Profile > Change Password.	v4
PR1764858	When user selects the application session under appvisibility page, Security Director redirects to the wrong filter under all events.	v3
PR1756160	Devices missing from the UTM Install Category page.	v3
PR1755886	During NAT policy import, Security Director creates address object with value 0.0.0.0/0 and not any IP4 adresses.	v3
PR1754759	Security Director fails to search rule name for imported rules.	v3
PR1765982	Security Director API fails to prevent creation of duplicate addresses.	v3
PR1771392	User is unable to add an extranet device without an IP address when creating a site-to-site IPSec VPN where the remote site has a dynamic IP address.	v3
PR1752533	LC under Insights Nodes disappears after discovery.	v3
PR1724644	Frequent syslog data parsing and circuit_breaking_exception error appers while fetching it via curl query.	v2
PR1751227	Security director is unable to get the policy hit count using the rest API.	v2
PR1741255	The application visibility feature shows incorrect application data in Security Director.	v2
PR1754290	VPN publishing jobs fail.	v2
PR1755392	When you search for a policy in Security Director through the rest API, the source or destination address of the policy is not displayed.	v2
PR1732842	The Pie chart is not displayed in the generated report because of the exceeding character limit in the URL.	v2
PR1737807	When you try to preview the changes done to a policy before publishing, it fails with `Calculating XML Edit Config` error message.	v1
PR1737807	Security Director deletes the routing options autonomous-system configuration, when you try to update the devices with IPsec VPN.	v1
PR1736563	Security Director modifies the device setup by adding an additional set of VPN configurations.	v1
PR1735089	Security Director deletes the configurations for the policy-based VPNs that do not get imported to Security Director.	v1
PR1727372	The VPN Monitoring page does not load the data in Security Director Release 22.3R1.	v1
PR1698920	Security Director shows invalid configuration in the update configuration preview.	v1
PR1744985	After upgrading Security Director to 23.1R1 release, report generation fails with an error.	v1
PR1732842	The Pie chart is not displayed in the generated report because of the exceeding character limit in the URL.	v1
PR1746082	When you schedule a job to generate a report, it fails with exceptions.	v1
PR1741255	The application visibility feature shows incorrect application data in Security Director.	v1
PR1728629	User is unable to sort the columns on the Logging Devices page in Security Director.	v1
PR1743599	Security Director displays the Tunnel Status as UNKNOWN when user tries to create a VPN through the GUI.	v1