Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

New Features

Juniper Security Director 25.2.2

Deployment

KVM support—You can now rapidly deploy Juniper Security Director using kernel-based virtual machine (KVM). To get started, download the Juniper Security Director software (.bin) and the software bundle (.tgz) from Software Downloads page. After the resources are downloaded, run the Juniper Security Director software (.bin) and follow the terminal instructions to deploy the Juniper Security Director VM.

[See Installation and Upgrade guide.]

Dashboard

New general and security dashboards—You can now see general and security data on interactive and customizable widgets on the Dashboard page. You can view data for the last 14 days and filter information based on device name, device group, or zone. When you click the graph, chart, or widget in the dashboard, you are redirected to the corresponding Insights page, device-specific page, or All Security Events page. The widgets in the old dashboard are not updated with the logs generated after the new dashboards are implemented. [See Dashboard Overview.]

Monitor

  • Insights—You can now get a visually rich experience to monitor device traffic with advanced bubble chart visualizations and interactive grid layouts. With dynamic updates, charts and grids reflect current network activity.

    • Bubble charts—Quickly spot traffic spikes and anomalies by viewing information related to applications, URL filtering, threats, users, content filtering, anti-malware, SecIntel, DNS security, and IDP and Screens. Bubble size and color indicate the volume of threats and the risk level for intuitive pattern recognition.

    • Interactive grids—Easily filter and analyze traffic data using sortable columns.

    [See Insights Overview.]

  • Support for packet capture—You can now use Juniper Security Director to intercept and analyze packets as they pass through the data plane of the network. The captured packets are stored in a packet capture file, which you can download and analyze by using network packet analyzer tools, such as Wireshark. You can capture data packets from SRX4600, SRX5400, SRX5600, and SRX5800 devices running Junos OS Release 19.3 or later.

    [See Packet Capture Overview.]

SRX

  • Device Configurations tab—You can now use the Device Configurations tab to configure Junos OS settings for an SRX Series Firewall. The settings are classified into four categories, such as Basic Settings, Network Settings, Security Settings, and Advanced Settings.

    Note:

    • The commonly configured settings and fields are categorized and displayed in the Basic, Security, and Network Settings tabs for all the devices. All other settings and fields are displayed in the Advanced Settings tab. When you upgrade Junos OS on your device to a newer version, any new settings and fields will be displayed in the Advanced Settings tab.

    • You can ignore the setting(s) or field(s) if they are not applicable for your device. Use Feature Explorer to determine if a feature is supported on your device.

    • The Device Configuration tab excludes settings configurable from feature-specific SRX menu pages. For example, you can create an anti-malware profile only on the Anti-malware page.

    [See Devices Overview.]

  • CLI command for NETCONF and SSH rate limits—You can use CLI commands to set NETCONF and SSH rate limits when you add devices by using the Adopt Device or Adopt Cluster options on the Devices page. [See Add Devices.]

CSDS Groups

Monitor SRX Series Firewalls in CSDS Architecture—You can now use Connected Security Distributed Services (CSDS) groups to monitor your SRX Series Firewalls within the CSDS Architecture. CSDS groups provide network topology visualization and observability.

You need to deploy CSDS solution outside of Juniper Secuiorty Director. For more information, see Connected Security Distributed Services Architecture Deployment Guide.

[See CSDS Groups Overview, Create and Manage CSDS Groups, View CSDS Groups Topology, Set Threshold for CSDS Groups and Monitor SRX Series Firewalls in CSDS Groups.]

Administration

Enhanced FQDN and IP configuration management—You can now modify system details such as the virtual IP addresses and fully qualified domain names (FQDNs) for the UI, device connections, and log collector. Updating these details helps ensure continued connectivity. If you change the UI IP address or FQDN, your current session will be interrupted. You will need to log in to Juniper Security Director with the updated information.

[See Edit System Details, set address change, set ipaddress change, and show configuration.]

Backup and restore enhancements—You can restore a database backup (dump) on a newly installed Juniper Security Director software that runs the same version. Additionally, you can export data for configdb with the service configdb <export> command. [See Take a Backup of the Database and service configdb (Database)].

Custom SSL certificate support—Enhance security by associating your own custom SSL certificate in Juniper Security Director. You can upload certificates in the X.509 or PKCS #12 format from your local machine, replacing the default self-signed certificate. You can view the details of the uploaded certificate, such as name, issuer, and validity period. With this feature, you have transparency into your security settings and control over them. [See Update Server Certificate].