What’s Changed

Learn about what changed in this release for vSRX.

Platform and Infrastructure

SRX Series devices does not drop session with server certificate chain more than 6.

Content filtering CLI updates (SRX Series and vSRX)—We've the following updates to the content filtering CLI:
- Trimmed the list of file types supported for content filtering rule match criteria. Instead of uniquely representing different variants of a file type, now only one file-type string represents all variants. Hence, the show security utm content-filtering statistics output is also updated to align with the new file types available in the rule match criteria.
- Renamed the content filtering security logging option seclog to log to match with the Junos OS configuration standard.
- Rephrased the reason string associated with content filtering security log message.

IKEv1 Tunnel establishment not allowed with HSM enabled (vSRX3.0)—On vSRX 3.0, you can safeguard the private keys used by pkid and iked processes using Microsoft Azure Key Vault hardware security module (HSM) service.

But, you cannot configure Internet Key Exchange version 1 (IKEv1) after enabling the HSM service. If you still try to configure IKEv1 when HSM is enabled, a warning message is displayed.

Changes to IP address byte order (vSRX 3.0)—In syslog messages for KMD_VPN_DOWN_ALARM_USER and KMD_VPN_UP_ALARM_USER, the IP address byte order now appears in the correct order as against the reverse byte order which was appearing in earlier releases.