Security

When I was a little boy growing up back in the 20^th century, I used to really look forward to the Sears Christmas catalog arriving, since it always had new and cool stuff.  I would pour through the catalog and make a list that I hoped I might get for Christmas.

   Now I react the same way to Juniper Networks software releases.

I noticed that the SRX, Junos 12.1X47-D15, release shipped a few days ago, just in time for the Christmas season.  You may wonder why this is a big deal.  I thought I would share with you what I thought exciting.

If you would like to skip this and read the release notes yourself, they are here

I am not going to list all the features in this release, but I will list a few I think are cool or significant.

1. New in 12.1X47-D15 is support for the next generation SRX5K family switch control board (SRX5K-SCBE) and the next generation routing engine (SRX5K-RE-1800X4).  The new SCBE increases the SRX 5K family forwarding throughput from roughly 80-Gbps per slot to 120-Gbps per slot.  This provides another performance boost to the already impressive SRX5K family.  It also means the SRX5K family of devices can now support 100-Gbps interfaces at line rate.  Seriously, most of our firewall competitors don’t even have 100G interfaces, much less the ability to support line rate 100G.  The new RE will result in faster configuration processing, route convergence, etc and provides solid state drives versus the old spinning hard drives in the previous SRX RE. The reliability of the new RE is better as well.
2. The SRX240, 550, and 650 devices get SSL Proxy support which allows them to decrypt and inspect SSL traffic just like the High End SRX. Michael Callahan said in his blog- “A growing majority of encrypted application traffic is traversing your network and it’s slowly becoming a conduit for sophisticated malware attacks like advanced persistent threats (APTs).” SSL Proxy support allows these branch SRX devices to inspect and apply policy to this traffic.
3. RADIUS over IPv6 for system authentication.  This was a U.S. Department of Defense requirement and something wanted by the Research and Engineering community. Customers who wanted to manage their devices via IPv6 only networks needed this feature.
4. Encrypted control link on High-end SRX.  This provides even more security for HA configurations.