Known Issues

This section lists the known issues in hardware and software in Junos OS Release 15.1X49-D200.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Flow-Based and Packet-Based Processing

  • The l2cpd process leaks memory if the Layer 2 learning process is disabled. PR1336720

  • SNMP fails while polling data across custom routing instances on the SRX300 line of devices. PR1352311

  • In a multithreaded environment, the service offload counter might be incorrect. PR1381312

  • On all SRX Series devices, in chassis cluster with Z mode traffic and local (non-reth) interfaces configured, when using ECMP routing between multiple interfaces residing on both node0 and node1, if a session is initiated through one node and the return traffic comes in through the other node, packets might be dropped due to reroute failure. PR1410233

  • On all SRX Series devices with advanced anti-malware service configured, due to a rare issue in file system handling in the data plane, the flowd/srxpfe process might crash. PR1437270

  • An unexpected IP address is included in the custom IP feed on an SRX4100 cluster. You can resolve this issue by restarting the security intelligence process. PR1440157

  • AAMW policy rules for IMAP traffic sometimes might not get applied on SRX Series devices. PR1450904

  • On an SRX340 device with J-Flow version 9 configured, the flowd process might generate core files frequently when the device is busy. PR1463689

  • The jbuf process usage might increase up to 99 percent after a Junos OS upgrade. PR1467351

  • On the SRX300 line of devices with Mini-PIM installed, tail-drop might happen on all ports when the serial egress port gets congested. PR1468430

Install and Upgrade

  • On SRX550M devices, upgrade fails when you upgrade from Junos OS Release 15.1X49-D30 to a later release without using the no-validate option. PR1237971

Interfaces and Chassis

  • On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, for IFLS (logical interface) scaling without per-unit-scheduler configured, the total IFL number is limited to 2048. With per-unit-scheduler configured on the IFD interface, the total IFL number is limited to the CoS scheduler sub-unit upper limit of 2048. So, the IFL maximum number for per-unit-scheduler should be 2048 minus the number of physical interfaces that are up. With at least one logical interface up, the maximum number is 128. PR1138997

  • The monitor interface command starts the ifmon process. During this time, if the telnet session to the router is disconnected unconventionally, then the ifmon process is not terminated and takes up 100 percent CPU utilization. The workaround is to terminate the stale ifmon process. PR1162521

  • On the SRX4000 line of devices, the fxp0 interface status does not show the proper state for speed and duplex. PR1392050

  • Multipath credit limit might be reset after multiple configuration changes and interface flaps. The credit limit might be reset based on the default interface speed of 1 Gbps and default or configured bandwidth limit. PR1401090

  • T1 interfaces go down if Password Authentication Protocol (PAP) RADIUS authentication is configured. PR1402612

  • On SRX1500 platforms, when you configure interface-mac-limit on one interface and then send traffic with different source MAC addresses (such as 10,000) to the interface, the number of learned MAC addresses reaches the max-value limit (8192) and traffic cannot transfer on all interfaces. PR1409018

  • On SRX1500 devices, the link does not come up after you replace a copper transceiver with a fiber transceiver until you reboot the device. PR1437615

Intrusion Detection and Prevention

  • IDP install fails on one node because the AppID process gets stuck. PR1336145

J-Web

  • On SRX4100 devices, a security policy page in J-Web does not load when it has 40,000 firewall policy configurations. Navigate to the Configure > Security > Security Policy page. PR1251714

  • On SRX Series devices, the dashboard widget applications, ThreatMap, and Firewall Top Denies initially show no data available even when the device has a large amount of data. Refresh the individual widgets to show the data. PR1282666

  • On SRX Series devices, the CLI terminal does not work for Google Chrome versions later than version 42. You can use Internet Explorer version 10 or 11 or Firefox version 46 browsers to use the CLI terminal. PR1283216

  • On SRX Series devices, sometimes the time range slider does not work for all events and individual events in Google Chrome and Firefox browsers. PR1283536

Network Management and Monitoring

  • The snmpd process leaks memory in the SNMPv3 query path and crashes. The leak occurs when SNMP drops a request PDU while the snmp filter-duplicates configuration is enabled. Each request PDU has a structure pointer for the SNMPv3 security details, which is allocated when the PDU is created or cloned. When duplicate requests are dropped, the corresponding structure is not freed, which causes the memory leak. PR1392616

Platform and Infrastructure

  • On SRX Series devices running FreeBSD 6-based Junos OS, when a USB flash device with a mounted file system is physically detached by a user, the system might panic. The issue is resolved with FreeBSD 10 and later. Contact JTAC to confirm whether the code and platform in your setup are running FreeBSD 10 or later. PR695780

  • On SRX Series devices, the flowd process might stop and cause a traffic outage if the SPU CPU usage is higher than 80 percent. In this condition, some threads are in waiting status and the watchdog cannot be toggled on time, causing the flowd process to stop. PR1162221

  • On SRX Series devices, mgd core files are generated during RPC communication between the SRX Series device and Junos Space or CLI if the % symbol is present in the description or annotation. PR1287239

  • On SRX5600 and SRX5800 devices in a chassis cluster, when a second Routing Engine is installed to enable dual control links, the show chassis hardware command might show the same serial number for the second Routing Engines on both the nodes. PR1321502

  • On the SRX4000 line of devices in a chassis cluster setup, when more than two ports are bound to reth on each node, packet drop might be seen. PR1345941

  • When a third-party certificate chain that contains at least one intermediate CA certificate is used for the Web authentication redirect page, for the HTTP REST API, or for J-Web access, the SRX Series device does not send the intermediate certificate to the client. PR1408921

  • An MTU change after a CFM session is brought up can impact Layer 2 Ethernet ping (loopback messages). If the new MTU is lower than the original value, then Layer 2 Ethernet ping fails. PR1427589

Routing Policy and Firewall Filters

  • An SRX345 device running Junos OS Release 15.1X49-D180 has high NSD usage due to a possible memory leak. PR1452721

VPNs

  • If multiple traffic selectors are configured for a peer with Internet Key Exchange version 2 (IKEv2) reauthentication, only one traffic selector is rekeyed at the time of IKEv2 reauthentication. The VPN tunnels of the remaining traffic selectors are cleared without immediate rekey. A new negotiation of those traffic selectors is triggered through other mechanisms—for example, by traffic or by a peer. PR1287168

  • The VPN tunnels in two chassis cluster nodes can go out of synchronization after the VPN generates a core file in the active chassis cluster node. The VPN tunnels that are out of synchronization can impact traffic. PR1351646

  • When using the operational mode request security ike debug-enable command for IKE debugging after using IKE traceoptions with a file name specified in the configuration, the debugs are written to the same file name. PR1381328

  • VPN tunnels flap after adding or deleting a group in edit private mode on a clustered setup. PR1390831

  • The VPN tunnel might flap in a rare scenario when IKE and IPsec rekey happen simultaneously. PR1421905

  • On SRX5400, SRX5600, and SRX5800 devices, when chassis cluster is configured and IPsec tunnels are set up with DPD, after RGs fail over on the chassis cluster, some IPsec tunnels flap and there is a temporary VPN traffic interruption until it is restored automatically. PR1450217

  • On SRX Series devices with more than 500 IPsec VPN tunnels configured, the IPsec VPN might flap while establishing a connection for the first time. PR1455951