Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

No index entries found.

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 12.1X47-D45 for the SRX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Chassis Cluster

  • On all SRX Series devices in chassis cluster, the reth interfaces only contain a single child physical interface (have no redundancy), the action of data-plane RGs failover and then failover back might cause the sessions flowed by the single child reth interfaces in backup state on both nodes, which results in traffic interruption. PR1213584

Flow-based and Packet-based Processing

  • On SRX3400 devices, it is observed that TP and CPS in SSLFP (enabled with IDP-REC policy, 1K key) drops by 15% to 18%. This issue has no impact on SRX5000 and SRX550 devices. The root cause of the drop is traced to an openSSL fix, where openssl got upgraded to version 1.0.1p in Junos OS Release 12.1X46-D55. The upgrade was essential to address several security vulnerabilities in SSL. PR1198833

General Packet Radio Service (GPRS)

  • On all high-end SRX Series devices in a mobile packet core network with GTPv2 enabled, if a device is configured as a border gateway, the GTPv2 packets which contains the modify bearer request might be dropped with a missing information element drop reason message. PR1065958

Network Address Translation (NAT)

  • On high-end SRX Series devices, while using source-based NAT with egress interface translation, upon egress interface IP address change, the current NAT sessions may not be removed until the session is aged-out. Traffic loss will occur while the traffic attempts to pass on the sessions using the old egress interface NAT IP. PR1201415


  • On branch SRX Series devices with chassis cluster enabled, when the RG0 failover occurs, the pp0 interface will flap if the IPsec VPN tunnel is established using a pp0 interface as the external interface. Due to a timing issue, the pp0 interface flapping might cause the VPN tunnel session and IPsec Security Association (SA) installed in the data-plane to be deleted but the IKE/IPsec SA installed in the Routing Engine will remain causing the VPN traffic outage.

    As a workaround, reconnecting PPPoE will restore the services as shown below:

    user@srx> request pppoe disconnect

    user@srx> request pppoe connect


  • On all SRX Series devices, when using P2MP IPsec VPN tunnels with dynamic routing over tunnel, a ksyncd core may be encountered after RG0 failover on previous RG0 primary node, if dynamic routing is removed from VPN tunnel prior to RG0 failover. PR1170531

Related Documentation

Modified: 2016-11-30