Software FeaturesSecurity• Policy usability—This feature is supported on all J-SRX Series devices.In a Junos OS stateful firewall, security policies enforce rules for transit traffic, in termsof what traffic can pass through the firewall, and the actions that need to take placeon the traffic as it passes through the firewall. Periodically, traffic does not pass for anumber of reasons. For example, traffic does not match a correct policy configurationor the source of the traffic is incorrect. The source of the problem can sometimes bedifficult to identify. The show security match-policies command allows you totroubleshoot traffic problems in the five tuples: source port, destination port, sourceIP address, destination IP address, and protocol. The command works offline to identifywhere the exact problem in the transit traffic exists. It uses the actual search engineto identify the problem and thus enables you to use the appropriate match policy forthe traffic.Advertising Bandwidth for Neighbors on a Broadcast Link SupportThis feature is supported on all J-SRX Series devices.You can now advertise bandwidth for neighbors on a broadcast link. The network link isa point-to-multipoint (P2MP) link in the OSPFv3 link state database. This feature usesexisting OSPF neighbor discovery to provide automatic discovery without configuration.It allows each node to advertise a different metric to every other node in the network toaccurately represent the cost of communication. To support this feature, a newinterface-type under the OSPFv3 interface configuration has been added to configurethe interface as p2mp-over-lan. OSPFv3 then uses LAN procedures for neighbor discoveryand flooding, but represents the interface as P2MP in the link state database.The interface type and router LSA are available under the following hierarchies:• [protocols ospf3 area area-id interface interface-name]• [routing-instances routing-instances-name protocols ospf3 area area-id interfaceinterface-name][LN1000 Mobile Secure Router User Guide]Group VPN Interoperability with Cisco’s GET VPNCisco’s implementation of GDOI is called Group Encryption Transport (GET) VPN. Whilegroup VPN in Junos OS and Cisco's GET VPN are both based on RFC 3547, The GroupDomain of Interpretation, there are some implementation differences that you need tobe aware of when deploying GDOI in a networking environment that includes both Dellsecurity devices and Cisco routers. This topic discusses important items to note whenusing Cisco routers with GET VPN and Dell security devices with group VPN.Group servers and group members on Dell security devices cannot interoperate withCisco GET VPN members. Group members on Dell security devices can interoperate withCisco GET VPN servers, with the following caveats:5Advertising Bandwidth for Neighbors on a Broadcast Link Support