Junos OS Features Supported on vSRX with Nutanix
SRX Series Features Supported on vSRX
vSRX inherits most of the branch SRX Series features with the following considerations shown in Table 1.
To determine the Junos OS features supported on vSRX, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. Find Feature Explorer at: Feature Explorer: vSRX .
Feature |
Description |
|---|---|
Application firewall |
Supported |
Deep packet inspection |
Supported |
IDP |
The IDP feature is subscription based and must be purchased. After purchase, you can activate the IDP feature with the license key. For SRX Series IDP configuration details, see: Understanding Intrusion Detection and Prevention for SRX Series In J-Web, use the following steps to add or edit an IPS rule:
|
J-Web |
Supported |
Layer 3 Routed Mode |
Supported |
Layer 2 Transparent mode |
Supported |
Screens |
Supported |
Secure wire |
Supported |
GPRS |
Supported |
Transparent mode |
The known behaviors for transparent mode support on vSRX are:
For information on configuring transparent mode vSRX, see: Layer 2 Bridging and Transparent Mode Overview. |
UTM |
The UTM feature is subscription based and must be purchased. After purchase, you can activate the UTM feature with the license key. For SRX Series UTM configuration details, see: Unified Threat Management Overview For SRX Series UTM antispam configuration details, see: Antispam Filtering Overview. |
SRX Series Features Not Supported on vSRX
vSRX inherits many features from the SRX Series device product line. Table 2 lists SRX Series features that are not applicable in a virtualized environment, that are not currently supported, or that have qualified support on vSRX.
SRX Series Feature |
vSRX Notes |
|
|---|---|---|
| Application Layer Gateways | ||
Avaya H.323 |
Not supported |
|
| Authentication with IC Series devices | ||
Layer 2 enforcement in UAC deployments |
Not supported Note:
UAC-IDP and UAC-UTM also are not supported. |
|
| Chassis cluster support | ||
Chassis cluster for VirtIO driver |
Not supported Note:
The link status of VirtIO interfaces is always reported as UP, so a vSRX chassis cluster cannot receive link up and link down messages from VirtIO interfaces. |
|
Dual control links |
Not supported |
|
In-band and low-impact cluster upgrades |
Not supported |
|
LAG and LACP (Layer 2 and Layer 3) |
Not supported |
|
Layer 2 Ethernet switching |
Not supported |
|
Low-latency firewall |
Not supported |
|
SR-IOV interfaces |
Not supported |
|
| Class of service | ||
High-priority queue on SPC |
Not supported |
|
Tunnels |
Only GRE and IP-IP tunnels supported |
|
| Data plane security log messages (stream mode) | ||
TLS protocol |
Not supported |
|
| Diagnostic tools | ||
Flow monitoring cflowd version 9 |
Not supported |
|
Ping Ethernet (CFM) |
Not supported |
|
Traceroute Ethernet (CFM) |
Not supported |
|
| DNS proxy | ||
Dynamic DNS |
Not supported |
|
| Ethernet link aggregation | ||
LACP in standalone or chassis cluster mode |
Not supported |
|
Layer 3 LAG on routed ports |
Not supported |
|
Static LAG in standalone or chassis cluster mode |
Not supported |
|
| Ethernet link fault management | ||
Physical interface (encapsulations) |
||
ethernet-tcc
|
Not supported |
|
extended-vlan-tcc
|
Not supported |
|
Interface family |
||
|
Not supported |
|
|
Not supported |
|
| Flow-based and packet-based processing | ||
End-to-end packet debugging |
Not supported |
|
Network processor bundling |
Not supported |
|
Services offloading |
Not supported |
|
| Interfaces | ||
Aggregated Ethernet interface |
Not supported |
|
IEEE 802.1X dynamic VLAN assignment |
Not supported |
|
IEEE 802.1X MAC bypass |
Not supported |
|
IEEE 802.1X port-based authentication control with multisupplicant support |
Not supported |
|
Interleaving using MLFR |
Not supported |
|
PoE |
Not supported |
|
PPP interface |
Not supported |
|
PPPoE-based radio-to-router protocol |
Not supported |
|
PPPoE interface Note:
Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, the vSRX supports Point-to-Point Protocol over Ethernet (PPPoE) interface. |
Not supported |
|
Promiscuous mode on interfaces |
Only supported if enabled on the hypervisor |
|
| IP Sec and VPNs | ||
Acadia - Clientless VPN |
Not supported |
|
DVPN |
Not supported |
|
Hardware IPsec (bulk crypto) Cavium/RMI |
Not supported |
|
IPsec tunnel termination in routing instances |
Supported on virtual router only |
|
Multicast for AutoVPN |
Not supported |
|
| IPv6 support | ||
DS-Lite concentrator (also called Address Family Transition Router [AFTR]) |
Not supported |
|
DS-Lite initiator (also called Basic Bridging Broadband [B4]) |
Not supported |
|
| ISSU | Not supported |
|
| J-Web | ||
Enhanced routing configuration |
Not supported |
|
New Setup wizard (for new configurations) |
Not supported |
|
PPPoE wizard |
Not supported |
|
Remote VPN wizard |
Not supported |
|
Rescue link on dashboard |
Not supported |
|
UTM configuration for Kaspersky antivirus and the default Web filtering profile |
Not supported |
|
| Log File formats for system (control plane) logs | ||
Binary format (binary) |
Not supported |
|
WELF |
Not supported |
|
| Miscellaneous | ||
Hardware acceleration |
Not supported |
|
Logical systems |
Not supported |
|
Outbound SSH |
Not supported |
|
Remote instance access |
Not supported |
|
USB modem |
Not supported |
|
Wireless LAN |
Not supported |
|
| MPLS | ||
circuit cross-connect (CCC) and translational cross-connect (TCC) |
Not supported |
|
Layer 2 VPNs for Ethernet connections |
Only if promiscuous mode is enabled on the hypervisor |
|
| Network Address Translation | ||
Maximize persistent NAT bindings |
Not supported |
|
| Packet capture | ||
Packet capture |
Only supported on physical interfaces and tunnel interfaces, such as gr, ip, and st0. Packet capture is not supported on redundant Ethernet interfaces (reth). |
|
| Routing | ||
BGP extensions for IPv6 |
Not supported |
|
BGP Flowspec |
Not supported |
|
BGP route reflector |
Not supported |
|
Bidirectional Forwarding Detection (BFD) for BGP |
Not supported |
|
CRTP |
Not supported |
|
| Switching | ||
Layer 3 Q-in-Q VLAN tagging |
Not supported |
|
| Transparent mode | ||
UTM |
Not supported |
|
| Unified threat management | ||
Express AV |
Not supported |
|
Kaspersky AV |
Not supported |
|
| Upgrading and rebooting | ||
Autorecovery |
Not supported |
|
Boot instance configuration |
Not supported |
|
Boot instance recovery |
Not supported |
|
Dual-root partitioning |
Not supported |
|
OS rollback |
Not supported |
|
| User interfaces | ||
NSM |
Not supported |
|
SRC application |
Not supported |
|
Junos Space Virtual Director |
Not supported |
|