Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Service Releases

This section includes the installation and upgrade procedures, as well as the resolved issues, in Juniper Security Director version 24.4.1 service release build #1703.

Installation Instructions

To install Juniper Security Director, follow these steps:

  1. Download the Juniper Security Director OVA from https://support.juniper.net/support/downloads/?p=security-director-on-prem

  2. Download the latest Juniper Security Director Software Bundle Update-1703 (.tgz) from https://support.juniper.net/support/downloads/?p=security-director-on-prem

  3. Deploy the VM. See Deploy the VM for details.

The latest service release includes security enhancements. Previously, if you've installed the OVA and software bundle but choose to implement the latest security enhancements, we strongly recommend to download and reinstall the OVA and latest software bundle.

Upgrade Instructions

Note:

We recommend scheduling the upgrade during a maintenance window with ample time. Note the following impacts and timelines:

  • Device Connectivity and Log Streaming— These will be impacted for less than 2 minutes, though this duration may vary based on the scale of devices.
  • Total Upgrade Duration— The entire upgrade may take approximately 40 minutes to complete. This duration might vary depending on the network latency at your premises while copying the bundle. However, you can continue using Juniper Security Director application during the upgrade but be aware that there may be a brief glitch of a couple of minutes while services are upgraded in the background.

Perform the following steps to upgrade your existing Juniper Security Director to latest release:

  1. Download latest Juniper Security Director Software Bundle Update-1703 (.tgz) from https://support.juniper.net/support/downloads/?p=security-director-on-prem

  2. Upgrade the software bundle using one of the following methods:

    • Using Juniper Security Director UI

      See Upgrade Juniper Security Director.

    • Using CLI

      1. Run the set bundle install command.

      2. Enter the remote file path using one of the formats:

        • user@server:port/relative-path or user@server:port//absolute-path

        • user@server:relative-path or user@server:/absolute-path

      3. Enter the SCP file path.

        For example, root@10.157.74.3:/root/Juniper-Security-Director-24.4.1-xxxx.tgz

      4. Enter the SCP user password.

        The software bundle installation starts. You can monitor the installation status using show bundle install status command.

Resolved Issues in 24.4.1 Service Release Build #1703

  • SMTP server connection error resolution—When logging into the web GUI for customer onboarding, you might have encountered an error message after entering valid SMTP server details, enabling SMTP server authentication, and clicking Test SMTP Server. The error suggested checking your SMTP settings, even if they were correct. This issue is now resolved, ensuring a smoother onboarding process without unnecessary error prompts.

  • Dashboard update—The Firewall: Top Event on the dashboard now displays a comprehensive range of events, not just Firewall Deny events. You can view additional events such as Security Intelligence (SECINTEL), Web Filter, and Content Filter. This enhancement allows for more effective monitoring and analysis of firewall activities, providing a broader understanding of network security events.

  • Monitor menu update—The Monitor menu pages incorrectly displayed the Export Log button, which has now been removed. This update prevents confusion and ensures that menu options are accurate, enhancing user experience.

  • Deployment failure resolution—After deploying the virtual machine (VM) and onboarding devices to Juniper Security Director, the following discrepancies were observed:

    • On the Juniper Security Director UI, the SRX > Device Management > Devices page showed the device management status as Down.

    • On the device, the output from the SSH client command show system connections | match 7804 indicated that the status was ESTABLISHED, indicating a stale connection.

    Due to these discrepancies, the device-bound configurations did not function. This issue is now resolved.

  • Firewall deployment synchronization issue resolved—After deploying the firewall to the SRX/vSRX Series devices, users previously encountered an issue where the Jobs page was running multiple jobs for network synchronization. This issue is resolved.

  • Configuration template validation error resolution—You can now successfully validate configurations on the devices using the SRX > Device Management > Configuration Template page. Previously, an error occurred when deploying a configuration template, setting parameter values, and clicking Validate. This issue is resolved, ensuring a smoother configuration process.

  • Report definition cloning issue resolution—When you clone an existing report definition from Monitor > Reports > Report Definitions, the cloned report previously did not display the correct report type for certain definitions. This issue affected the URLs Visited Per User Report, Network Operations Report, and Top Talkers Report. The problem is now resolved, ensuring accurate report type display for cloned definitions.

  • Software upgrade issue resolved for SRX1600 and SRX2300 firewalls—You can now upgrade the software image on Juniper Networks SRX1600 and SRX2300 firewalls from version 23.4R1.9 to any other version using Juniper Security Director.

  • NAT pool re-import conflict resolution—When you re-import a NAT pool with a preconfigured address object and deploy it using a NAT rule, object conflict resolution (OCR) for the address name field is now automatically handled. This enhancement ensures seamless deployment without manual intervention, improving efficiency and reducing errors.

  • Resolution of NAT Pool conflict in SRX devices—Previously, when onboarding an SRX device with a NAT pool tied to a NAT policy rule, if another SRX device with the same NAT pool was already in the Juniper Security Director, the publish-nat-policies job would fail. This issue is resolved, enabling successful onboarding of SRX devices.

  • Import NAT policy with proxy ARP rules—You can now import a NAT policy with proxy ARP rules without manually enabling Manage Proxy ARP on the SRX > NAT > NAT Policies page. This fix eliminates extra editing steps before deploying the imported NAT policy.

  • CLI admin password change resolution—You can now log in successfully with a new password after using the changepasswd command. This update resolves the previous issue where users could not log in with their new password that was set using the command.

  • Password update with escape sequences—When you change a password using valid escape sequence characters, the system previously allowed the update but prevented subsequent login with the new password. This issue is now resolved, ensuring you can successfully log in after updating your password with escape sequences.