Navigation
Back up to About Overview
[+] Expand All
[-] Collapse All
No index entries found.
Download This Guide
Known Issues
This section lists the known issues in hardware and software in Junos OS Release 12.1X47-D45 for the SRX Series.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Chassis Cluster
- On all SRX Series devices in chassis cluster, the reth interfaces only contain a single child physical interface (have no redundancy), the action of data-plane RGs failover and then failover back might cause the sessions flowed by the single child reth interfaces in backup state on both nodes, which results in traffic interruption. PR1213584
Flow-based and Packet-based Processing
- On SRX3400 devices, it is observed that TP and CPS in SSLFP (enabled with IDP-REC policy, 1K key) drops by 15% to 18%. This issue has no impact on SRX5000 and SRX550 devices. The root cause of the drop is traced to an openSSL fix, where openssl got upgraded to version 1.0.1p in Junos OS Release 12.1X46-D55. The upgrade was essential to address several security vulnerabilities in SSL. PR1198833
General Packet Radio Service (GPRS)
- On all high-end SRX Series devices in a mobile packet core network with GTPv2 enabled, if a device is configured as a border gateway, the GTPv2 packets which contains the modify bearer request might be dropped with a missing information element drop reason message. PR1065958
Network Address Translation (NAT)
- On high-end SRX Series devices, while using source-based NAT with egress interface translation, upon egress interface IP address change, the current NAT sessions may not be removed until the session is aged-out. Traffic loss will occur while the traffic attempts to pass on the sessions using the old egress interface NAT IP. PR1201415
VPN
- On branch SRX Series devices with chassis cluster enabled,
when the RG0 failover occurs, the pp0 interface will flap if the IPsec
VPN tunnel is established using a pp0 interface as the external interface.
Due to a timing issue, the pp0 interface flapping might cause the
VPN tunnel session and IPsec Security Association (SA) installed in
the data-plane to be deleted but the IKE/IPsec SA installed in the
Routing Engine will remain causing the VPN traffic outage.
As a workaround, reconnecting PPPoE will restore the services as shown below:
user@srx> request pppoe disconnect
user@srx> request pppoe connect
- On all SRX Series devices, when using P2MP IPsec VPN tunnels with dynamic routing over tunnel, a ksyncd core may be encountered after RG0 failover on previous RG0 primary node, if dynamic routing is removed from VPN tunnel prior to RG0 failover. PR1170531
Related Documentation
- New and Changed Features
- Changes in Behavior and Syntax
- Known Behavior
- Resolved Issues
- Documentation Updates
- Migration, Upgrade, and Downgrade Instructions
