Hot Patch Releases
This section describes the installation procedure and resolved issues in Junos Space Security Director Release 23.1R1 hot patch.
During hot patch installation, the script performs the following operations:
- Blocks the device communication.
- Stops JBoss, JBoss Domain Controller (JBoss-dc), and jmp-watchdog services.
- Backs up existing configuration files and EAR files.
- Updates the Red Hat Package Manager (RPM) files.
- Restarts the watchdog process, which restarts JBoss and JBoss-dc services.
- Unblocks device communication after restarting the watchdog process for device load balancing.Note:
You must install the hot patch on Security Director Release 23.1R1 or on any previously installed hot patch. The hot patch installer backs up all the files which are modified or replaced during hot patch installation.
Installation Instructions
Perform the following steps in the CLI of the JBoss-VIP node only:
-
Download the Security Director 23.1R1 Patch vX from the download site.
Here, X is the hot patch version. For example, v1, v2, and so on.
-
Copy the
SD23.1R1-hotpatch-vX.tgz
file to the/home/admin
location of the VIP node. -
Verify the checksum of the hot patch for data integrity:
md5sum SD23.1R1-hotpatch-vX.tgz.
-
Extract the
SD23.1R1-hotptach-vX.tgz
file:tar -zxvf SD23.1R1-hotpatch-vX.tgz
-
Change the directory to
SD23.1R1-hotpatch-vX
.cd SD23.1R1-hotpatch-vX
-
Execute the
patchme.sh
script from theSD23.1R1-hotpatch-vX
folder:sh patchme.sh
The script detects whether the deployment is a standalone deployment or a cluster deployment and installs the patch accordingly.
A marker file, /etc/.SD23.1R1-hotpatch-vX
, is created with the list of
Red-hat Package Manager (RPM) details in the hot patch.
-
We recommend that you install the latest available hot-patch version, which is the cumulative patch.
New and Enhanced Features in the Hot Patch
Junos Space Security Director Release 23.1R1 hot patch includes the following enhancements:
-
Support for SRX2300—Starting in Junos Space Security Director Release 23.1R1 hot patch v3, we've provided support for SRX2300 device.
-
Support for SRX1600—Starting in Junos Space Security Director Release 23.1R1 hot patch v2, we've provided support for SRX1600 device.
Supported Devices in the Hot Patch
Table 1 lists the devices supported in Security Director 23.1R1 Hot Patch Releases.
Supported Device | Hot Patch Release Version |
---|---|
SRX1600 |
Junos Space Security Director 23.1R1 Hot Patch v2 |
SRX2300 |
Junos Space Security Director 23.1R1 Hot Patch v3 |
Resolved Issues in the Hot Patches
Table 2 lists the resolved issues in Security Director Release 23.1R1 hot patch.
PR | Description | Hot Patch Version |
---|---|---|
When user tries to delete a security policy rule between two zones, Security Director generates two delete statements and the update fails. |
v4 |
|
User is unable to create static route under Security Director 22.3R1.20 while using host/32. |
v4 |
|
IP filter tab search is not working as expected. |
v4 |
|
User is unable to publish a policy. |
v4 |
|
User is unable to change password from Security Director > My Profile > Change Password. |
v4 |
|
PR1764858 |
When user selects the application session under appvisibility page, Security Director redirects to the wrong filter under all events. |
v3 |
PR1756160 |
Devices missing from the UTM Install Category page. |
v3 |
PR1755886 |
During NAT policy import, Security Director creates address object with value 0.0.0.0/0 and not any IP4 adresses. |
v3 |
PR1754759 |
Security Director fails to search rule name for imported rules. |
v3 |
PR1765982 |
Security Director API fails to prevent creation of duplicate addresses. |
v3 |
PR1771392 |
User is unable to add an extranet device without an IP address when creating a site-to-site IPSec VPN where the remote site has a dynamic IP address. |
v3 |
PR1752533 |
LC under Insights Nodes disappears after discovery. |
v3 |
PR1724644 | Frequent syslog data parsing and circuit_breaking_exception error appers while fetching it via curl query. | v2 |
PR1751227 | Security director is unable to get the policy hit count using the rest API. | v2 |
PR1741255 | The application visibility feature shows incorrect application data in Security Director. | v2 |
PR1754290 | VPN publishing jobs fail. | v2 |
PR1755392 | When you search for a policy in Security Director through the rest API, the source or destination address of the policy is not displayed. | v2 |
PR1732842 | The Pie chart is not displayed in the generated report because of the exceeding character limit in the URL. | v2 |
PR1737807 | When you try to preview the changes done to a policy before publishing, it
fails with Calculating XML Edit Config error message. |
v1 |
PR1737807 | Security Director deletes the routing options autonomous-system configuration, when you try to update the devices with IPsec VPN. | v1 |
PR1736563 | Security Director modifies the device setup by adding an additional set of VPN configurations. | v1 |
PR1735089 | Security Director deletes the configurations for the policy-based VPNs that do not get imported to Security Director. | v1 |
PR1727372 | The VPN Monitoring page does not load the data in Security Director Release 22.3R1. | v1 |
PR1698920 | Security Director shows invalid configuration in the update configuration preview. | v1 |
PR1744985 | After upgrading Security Director to 23.1R1 release, report generation fails with an error. | v1 |
PR1732842 | The Pie chart is not displayed in the generated report because of the exceeding character limit in the URL. | v1 |
PR1746082 | When you schedule a job to generate a report, it fails with exceptions. | v1 |
PR1741255 | The application visibility feature shows incorrect application data in Security Director. | v1 |
PR1728629 | User is unable to sort the columns on the Logging Devices page in Security Director. | v1 |
PR1743599 | Security Director displays the Tunnel Status as UNKNOWN when user tries to create a VPN through the GUI. | v1 |
If the hot patch contains a UI fix, then you must clear the Web browser’s cache to reflect the latest changes.