Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

What’s Changed in Release 21.4R1

General Routing

  • No support for PKI operational mode commands on the Junos Limited version (MX Series routers, PTX Series routers, and SRX Series devices)— We do not support request , show , and clear PKI-related operational commands on the limited encryption Junos image ("Junos Limited"). If you try to execute PKI operational commands on a limited encryption Junos image, then an appropriate error message is displayed. The pkid process does not run on Junos Limited version image. Hence, the limited version does not support any PKI-related operation.

J-Web

  • Changes to the Dashboard and Monitor pages (SRX Series)—To improve the J-Web UI loading speed:

    • On the Dashboard page, we've removed the on-box reports related widgets.

    • On the Monitor > Maps and Charts > Traffic Map page, we've changed the default duration from "Last 1 hour" to Last "5 minutes".

  • Changes in Identity Management page (SRX Series)—Starting in Junos OS Release 21.4R1, we've renamed Identity Management as Juniper Identity Management Services (JIMS) in the following location:

    • In Security Services > Firewall Authentication, the Identity Management menu is renamed to JIMS.

    • In Identity Management page, all instances of Identity Management are renamed to Juniper Identity Management Services.

Network Management and Monitoring

  • The configuration accepts only defined identity values for nodes of type identityref in YANG data models (ACX Series, EX Series, MX Series, PTX Series, QFX Series, SRX Series, vMX, and vSRX)—If you configure a statement that has type identityref in the corresponding YANG data model, the device accepts only defined identity values (as defined by an identity statement) as valid input. In earlier releases, the device also accepts values that are not defined identity values.

Platform and Infrastructure

  • Advanced anti malware hash feature is deprecated.

  • Enhanced UAC authentication (SRX Series)—To regulate the lifespan (default 60 seconds) of event table entries, we've added a new configuration statement set services unified-access-control event-table-lifetime time interval in seconds> . If there is a delay in authentication at the SRX Series device, use this configuration statement to enable UAC traffic after the user is authorized from the IC.

    [See Configuring Junos OS Enforcer Failover Options (CLI Procedure).]

Routing Protocols

  • The RPD_OSPF_LDP_SYNC message not logged?On all Junos OS and Junos OS Evolved devices, when an LDP session goes down there is a loss of synchronization between LDP and OSPF. After the loss of synchronization, when an interface has been in the holddown state for more than three minutes, the system log message with a warning level is sent. This message appears in both the messages file and the trace file. However, the system log message does not get logged if you explicitly configure the hold-time for ldp-synchronization at the edit protocols ospf area area id interface interface name hierarchy level less than three minutes. The message is printed after three minutes.

  • To achieve consistency among resource paths, the resource path /mpls/signalling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/countersname='name'/out-pkts/ is changed to /mpls/signaling-protocols/segment-routing/aggregate-sid-counters/aggregate-sid-counterip-addr='address'/state/countersname='name'/. The leaf "out-pkts" is removed from the end of the path, and "signalling" is changed to "signaling" (with one "l").

Unified Threat Management (UTM)

  • Default action hit output field for UTM Web filtering statistics (SRX Series)—We've introduced a new Default action hit output field for the show security utm web-filtering statistics operational command. The Default action hit output field displays the number of sessions for which the juniper-local, juniper-enhanced, or websense-redirect profiles took the default action.

    [See show security utm web-filtering statistics.]

VPNs

  • Deprecated Dynamic VPN CLI configuration statements and operational commands (SRX Series Devices)—Starting in Junos OS Release 21.4R1, we’ve deprecated the dynamic VPN remote access solution. This means that you cannot use Pulse Secure Client on these devices.

    As part of this change, we’ve deprecated the [edit security dynamic-vpn] hierarchy level and its configuration options. We’ve also be deprecated the show and clear commands under the [dynamic-vpn] hierarchy level.

    As an alternative, you can use the Juniper Secure Connect remote access VPN client that we introduced in Junos OS Release 20.3R1. Juniper Secure Connect is a user-friendly VPN client that supports more features and platforms than dynamic VPN does. SRX comes with two built-in concurrent users on all SRX Series devices. If you need additional concurrent users, then contact your Juniper Networks representative for remote-access licensing. To understand more about Juniper Secure Connect licenses, see Licenses for Juniper Secure Connect and Managing Licenses.

    [See Juniper Secure Connect User Guide, Juniper Secure Connect Administrator Guide, Licenses for Juniper Secure Connect, and Managing Licenses.]