Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Additional Features

We've extended support for the following features to these platforms.

  • Dynamic routing protocols (SRX5000 line of devices, and vSRX 3.0 running the iked process). We've extended our support to the exchange of dynamic routing information through IPsec VPN tunnels on SRX Series devices running the iked process. You can now enable dynamic routing protocols, such as OSPF, BGP, BFD, PIM, and RIP, on a st0 interface of an IPsec VPN tunnel.

    This feature is supported on the unified iked process using junos-ike package. The SRX5K-SPC3 card with RE3 comes with junos-ike package installed by default. You must run the command request system software add optional://junos-ike.tgz to load thejunos-ike package explicitly on SRX5K-SPC3 with RE2 and vSRX Virtual Firewall.

    [See Routing Protocols Support on IPsec VPN Tunnels.]

  • Juniper Secure Connect application supports IPv6 addresses (SRX5000 line of devices, and vSRX 3.0 running the iked process). While connecting to the Juniper Secure Connect application, you can provide an IPv6 address or IPv4 address as the gateway address and assign an IPv6 address or IPv4 address to a remote-access user.

    Earlier Junos OS releases support only IPv4 addresses.

    Note that IPv6 address-assignment is only supported when using certificate or EAP-based authentication

    This feature is supported on the unified iked process using junos-ike package. The SRX5K-SPC3 card with RE3 comes with junos-ike package installed by default. You must run the command request system software add optional://junos-ike.tgz to load thejunos-ike package explicitly on SRX5K-SPC3 with RE2 and vSRX Virtual Firewall.

  • Support for an enhanced hash key (SRX5400, SRX5600, and SRX5800). SRX5000 devices support an enhanced hash key. You implement a control path for the configured setting to reach the services processing cards SPC2 and SPC3. You can configure the session-id option under the [edit forwarding-options enhanced-hash-key] hierarchy.

    [See enhanced-hash-key.]

  • Traffic selector configuration changes impacts only partial tunnels (SRX5000 line of devices, and vSRX 3.0 running the iked process). When you modify a traffic selector configuration within a VPN object, only the modified and below configured traffic selectors will go down, and any traffic selector above the modified one is unaffected. In earlier Junos OS releases, when you modify a traffic selector in a VPN object, all the traffic selectors that are part of the VPN object go down and then the tunnel renegotiation occurs.

    Only partial tunnels are impacted when you modify a traffic selector configuration as follows:
    • Add a new configuration.
    • Delete an existing configuration.
    • Update an existing parameter in the configuration.
    • Update the sequence of the configuration by moving it above or below another configuration.

    This feature is supported on the unified iked process using junos-ike package. The SRX5K-SPC3 card with RE3 comes with junos-ike package installed by default. You must run the command request system software add optional://junos-ike.tgz to load thejunos-ike package explicitly on SRX5K-SPC3 with RE2 and vSRX Virtual Firewall.

    [See traffic-selector.]

  • VLAN-level MACsec on logical interfaces (EX9253 and QFX5120-48YM)

    [See Media Access Control Security (MACsec) over WAN.]