Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Known Issues


This section lists the known issues in hardware and software in Junos OS Release 15.1X49-D190.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Flow-Based and Packet-Based Processing

  • On SRX5800 devices, if the system service REST API is added to the configuration, even though the commit can be completed, all the configuration changes in the commit will not take effect. This occurs because the REST API process fails to come up and the interface IP address is not available during bootup. The configuration is not read on the Routing Engine side. PR1123304

  • On SRX Series devices, if advanced anti-malware service (AAMW) is enabled, and SMTP is configured in the AAMW policy with fallback permission enabled under the long network latency between the devices, and AWS is running Juniper Sky ATP service, there might be a file submission timeout error. When sending the timeout error, there is a possibility that the e-mail sent from Outlook might stay in the outbox of the sender, and the receiver might not receive the e-mail. PR1254088

  • SNMP fails when SNMP fails while polling data across custom routing instances from SRX300 series. PR1352311

  • On all SRX Series platforms, in chassis cluster with Z mode traffic and local (non-reth) interfaces configured, when using ECMP routing between multiple interfaces residing on both node0 and node1, if a session is initiated through one node and the return traffic comes in through the other node, packets may get dropped due to reroute failure. PR1410233

  • On all SRX Series devices with advanced anti-malware service used, due to a rare issue in file system handling in data plane, the flowd/srxpfe process might crash. PR1437270

  • Unexpected IP address is included in custom IP feed on an SRX4100 cluster. You can resolve this issue by restarting the security intelligence process. PR1440157

  • On SRX Series devices with source NAT configured, the IKE pass-through packet might be dropped after a NAT operation on the source. The issue impacts pass-through IPsec traffic. PR1440605

Install and Upgrade

  • On SRX550M devices, upgrade fails when you upgrade from Junos OS Release 15.1X49-D30 to a later release without using the no-validate option. PR1237971

Interfaces and Chassis

  • On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, for IFLS (logical interface) scaling without per-unit-scheduler configured, the total IFL number is limited to 2048. With per-unit-scheduler configured on the IFD interface. The total IFL number is limited to the CoS scheduler sub-unit upper limit is 2048. So, the IFL maximum number for per-unit-scheduler should be 2048 minus the number of physical interface which is up with at least one logical interface up, the maximum number is 128. PR1138997

  • The monitor interface command will start the ifmon process. In this time if telnet session to the router is disconnected unconventionally, then the ifmon process was not killed and it will take up 100 percent CPU utilization. The workaround is to terminate the stale ifmon process. PR1162521

  • On the SRX4000 line of devices, the fxp0 interface status does not show the proper state for speed and duplex. PR1392050

  • Multipath credit limit might get reset after multiple configuration changes and interface flaps. While there is no proper sequence of steps that cause it, the credit limit might get reset considering the default interface speed of 1 Gbps and default/configured bandwidth limit. PR1401090

  • T1 interfaces go down if Password Authentication protocol (PAP) RADIUS authentication is configured. PR1402612

  • On SRX1500 platforms, when you configure interface-mac-limit on one interface and then send traffic with different source MAC (such as 10,000) to the interface. The number of learned MAC addresses reach max-value limit (8192). Traffic cannot transfer on all interfaces. PR1409018

  • On SRX1500 devices, the link does not come up after you replace a copper transceiver with a fiber transceiver until you reboot the device. PR1437615


  • On SRX4100 devices, a security policy page in J-Web does not load when it has 40,000 firewall policy configurations. Navigate to Configure> Security> Security Policy page. PR1251714

  • On SRX Series devices, log in to J-Web and navigate to Monitor>Services>DHCP>DHCP SERVER & DHCP RELAY, when you click the Help page icon, the Online Help page displays a 404 error message. PR1267751

  • On SRX Series devices, the dashboard widget applications, ThreatMap, and Firewall Top Denies initially show no data available even when the device has a large amount of data. Refreshing the individual widgets to show the data. PR1282666

  • On SRX Series devices, the CLI terminal does not work for Google Chrome version later than version 42. You can use Internet Explorer 10 or 11 or Firefox 46 browsers to use the CLI terminal. PR1283216

  • On SRX Series devices, sometimes the time range slider does not work for all events and individual events in Google Chrome or Firefox browsers. PR1283536

  • The default idle-timeout value for J-Web access is 30 minutes. PR1446990

  • On SRX Series devices, configure event mode logging for displaying the traffic log in J-Web. But when a stream mode host is configured under security/log, J-Web is no longer able to display the traffic log. PR1448541

Platform and Infrastructure

  • On SRX Series devices running FreeBSD 6-based Junos OS, when a USB flash device with a mounted file system is physically detached by a user, the system might panic. The issue is resolved with FreeBSD 10 and later. Please contact JTAC for confirmation if the code and platform in your case is running FreeBSD 10 or later. PR695780

  • On SRX Series devices, mgd core files are generated during RPC communication between the SRX Series device and Junos Space or CLI with % present in the description or annotation. PR1287239

  • On SRX5600 and SRX5800 devices in a chassis cluster, when a second Routing Engine is installed to enable dual control links, the show chassis hardware operational command may show the same serial number for both the second Routing Engines on both the nodes. PR1321502

  • MTU change post a CFM session is up can impact Layer 2 Ethernet ping (loopback messages). If the new change is less than initial incarnation then Layer 2 Ethernet ping fails. PR1427589

  • On all SRX Series devices, when using NAT64 translation, RTSP uses a wrong string to rewrite the message payload, which might result in the message being dropped in a remote device. PR1443222


  • On SRX Series devices, in case multiple traffic-selectors are configured for a peer with IKEv2 reauthentication, only one traffic-selector will rekey at the time of IKEv2 reauthentication. The VPN tunnels of the remaining traffic selectors will be cleared without immediate rekey. New negotiation of those traffic-selectors might trigger through other mechanisms such as traffic or by peer. PR1287168

  • When using the operational mode request security ike debug-enable for IKE debugging after having used IKE traceoptions with a file name specified in the configuration, the debugs are still being written to the same file name. PR1381328

  • VPN tunnels flap after adding or deleting a group in edit private mode on a clustered setup. PR1390831

  • When VPN IPsec with NAT-T (NAT in the middle of IPsec peers) is in place, the performance of the SRX Series devices is slow. PR1424937