Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Open Issues


This section lists the known issues in hardware and software in Junos OS Release 15.1X49-D230.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Flow-Based and Packet-Based Processing

  • MPLS EXP classifier not working on VLAN tagged interfaces. PR1028006

  • On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, for logical interface scaling without per-unit-scheduler configured, the total number of logical interfaces is limited to 2048. With per-unit-scheduler configured on the physical interface, the total number of logical interfaces is limited to the CoS scheduler subunit upper limit of 2048. So, the maximum number of logical interfaces for per-unit-scheduler should be 2048 minus the number of physical interfaces that are up. With at least one logical interface up, the maximum number is 128. PR1138997

  • On SRX550M devices, upgrade fails when you upgrade from Junos OS Release 15.1X49-D30 to a later release without using the no-validate option. PR1237971

  • On SRX Series devices, sometimes the time range slider does not work for all events and individual events in Google Chrome and Firefox browsers. PR1283536

  • SNMP fails while polling data across custom routing instances on the SRX300 line of devices. PR1352311

  • VPN tunnels flap after a group is added or deleted in edit private mode in a clustered setup. PR1390831

  • T1 interfaces go down if Password Authentication Protocol (PAP) RADIUS authentication is configured. PR1402612

  • The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Refer to for more information. PR1407000

  • An MTU change after a CFM session is brought up can impact Layer 2 Ethernet ping (loopback messages). If the new MTU is lower than the original value, then Layer 2 Ethernet ping fails. PR1427589

Interfaces and Chassis

  • On SRX series device, pp0 IPv6 direct route and default route generated by RA does not work even if the route is populated in the routing table. PR1495839


  • On SRX Series devices, the dashboard widget applications ThreatMap and Firewall Top Denies initially show no data available even when the device has a large amount of data. Refresh the individual widgets to show the data. PR1282666

  • On SRX Series devices, the CLI terminal does not work for Google Chrome versions later than version 42. You can use the Internet Explorer version 10 or 11 or Firefox version 46 browser to use the CLI terminal. PR1283216

Network Management and Monitoring

  • SNMP queries for LAG MIB tables while LAG child interface is flapping may cause mib2d to grow in size and eventually crash with a core file. Mib2d restarts and recovers by itself. PR1062177

Platform and Infrastructure

  • On SRX Series devices running FreeBSD 6.0-based Junos OS, when a USB flash drive with a mounted file system is physically detached by a user, the system might panic. The issue is resolved with FreeBSD 10 and later (upgraded FreeBSD). PR695780

  • When using third-party certificate chain for the Web authentication redirect page, for the HTTP REST API, or for J-Web access, which contains at least one intermediate CA certificate, the SRX Series device does not send the intermediate certificate to the client. PR1408921

Routing Policy and Firewall Filters

  • In a rare case, a specific domain is not resolved by the SRX Series device when using the DNS address book. This is because the DNS library resolver fails to identify the pointer with a big offset in the compressed DNS name. PR1471408


  • On vSRX instances, if multiple traffic selectors are configured for a peer with IKEv2 reauthentication, only one traffic selector is rekeyed at the time of IKEv2 reauthentication. The VPN tunnels of the remaining traffic selectors are cleared without immediate rekeying. New negotiation of these traffic selectors is triggered through other mechanisms such as traffic or by peer. PR1287168

  • IKE SA does not get cleared and shows very long lifetime. This happens if the peer suddenly changes IP address and starts a new negotiation. PR1439338