Navigation  Back up to About Overview 
[+] Expand All
[-] Collapse All

Known Issues

This section lists the known issues in hardware and software in Junos OS Release 15.1X49-D90.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways (ALGs)

  • On SRX300 device, sometimes autoinstallation fails when you configure through Trivial File Transfer Protocol (TFTP) and the MAC address is incorrect . PR1258839

Ethernet Switching

  • On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, the current Ethernet switching MAC aging is using software to age out bulk learned MAC addresses. You cannot age out specific MAC address learned at specific time immediately after the configured age. The MAC address might be aged out close to two times the configured age out time. PR1179089
  • On SRX1500 devices configured in Ethernet switching mode, only few MAC entries are shown in the output of show ethernet-switching table command, even after MAC age out time. This issue is applicable only when MAC learning table has more than 17000 MAC entries. PR1194667
  • On SRX300, SRX320, SRX340, and SRX345 devices, you cannot launch setup wizard after using the reset configuration button when the device is in Layer 2 transparent mode. You can launch the setup wizard by using the reset configuration button on the device when the device is in switching mode. PR1206189
  • On SRX345 and SRX550M devices, frame carried with priority bit on Tag Protocol Identifier (TPID) is lost when packet passes through with Layer 2 forwarding. PR1229021
  • On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, after certain period of enabling dot1x, multiple first message EAP frames with the same timestamp are transmitted. However, this does not affect any dot1x functionality. PR1245325
  • On SRX345 device, sometimes it is observed that either on primary or the secondary node, the switching fab probe status is down in Layer 2 HA configuration. The Layer 2 HA traffic can work well under such state. This state moves to up on rebooting both nodes. PR1257617

Flow-based and Packet-based Processing

  • On SRX1500 devices, the log buffer size is increased to 30,000 in event mode. When the log buffer size was 1000, the Packet Forwarding Engine generated logs burst when there were more than 30 entries and more logs were dropped. PR1133757
  • On SRX5400, SRX5600, SRX5800 devices with IOC2 cards installed and np-cache feature enabled, low performance might be seen when fragmented traffic is present. PR1193769
  • On SRX300, SRX320, SRX340, and SRX345 devices, the device reboots when Juniper USB with part number RE-USB-4G-S (740-028898) is inserted in the USB slot while the device is on. PR1214125
  • On SRX1500, SRX4100, and SRX4200 devices, the RPM firewall counter increases the best-effort traffic class when probe-type, tcp-ping, and dscp-code-points CS7 are configured. PR1212678
  • On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, use logical tunnel interface: lt-0/0/0 as the destination interface option for RPM probe-server in device box.PR1257502
  • On SRX300, SRX320, SRX340, and SRX345 devices, when the protocol packets flooded into device, the CPU usage is exhausted to process the BPDU frame which has higher priority than L3 protocol, such as, ICMP and IPv4. On the device, the CPU process to receive maximum number of frames and might exhaust during high traffic. PR1259793

Interfaces and Routing

  • On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, for IFLS (logical interface) scaling:
    • Without per-unit-scheduler configured, total IFL number is limited to 2048.
    • With per-unit-scheduler configured on the IFD interface: total IFL number is limited to CoS scheduler sub-unit upper limit (2048). So, IFL max-number for per-unit scheduler should be 2048 minus the number of physical interface (which is up with at least one logical interface up, maximum number is 128). PR1138997
  • On SRX5600 devices, when CoS on st0 interface is enabled and the incoming traffic rate destined for st0 interface is higher than 300000 packets per second (pps) per SPU, the device might drop some of the high priority packets internally and shaping of outgoing traffic might be impacted. It is recommended that you configure appropriate policer on the ingress interface to limit the traffic below 300000 pps per SPU. PR1239021
  • On SRX550M devices, traffic loop is seen with MSTP for untag traffic from IxNetwork ports. Configuring native-vlan id on the interfaces connected to IxNetwork port removes the loop. PR1259099


  • On SRX Series devices in chassis cluster, if you want to use J-Web to configure and commit the configurations, you must ensure that all other user sessions are logged out including any CLI sessions. Otherwise, the configurations might fail. PR1140019
  • On SRX1500 devices in J-Web, snapshot functionality Maintain > Snapshot > Target Media > Disk > Click Snap Shot is not supported. PR1204587
  • On SRX Series devices, DHCP relay configuration under Configure > Services > DHCP > DHCP Relay page is removed from J-Web in Junos OS Release 15.1X49-D60. The same DHCP relay can be configured using the CLI. PR1205911
  • On SRX Series devices, DHCP client bindings under Monitor is removed for Junos OS Release 15.1X49-D60. The same bindings can be seen in CLI using the show dhcp client binding command. PR1205915
  • On SRX Series devices, if the load is more than 5000 bytes then the J-Web responds slowly and the navigation of pages takes more time. PR1222010
  • On SRX4100 devices, a security policy page in J-Web does not load when it has 40000 firewall policy configuration. Navigate to Configure > Security > Security Policy page. PR1251714
  • On SRX Series devices, the help pages for Monitor>DHCP Server and Monitor>DHCP Relay are not displayed. PR1267751

Network Address Translation (NAT)

  • On SRX Series devices, if dead-peer-detection is configured, in a rare circumstances (under multiple failover), the tcp-encap sessions might be cleared. Refresh establishes a new tcp-encap sessions. PR1267273

Platform and Infrastructure

  • On SRX Series devices, when a USB flash device with a mounted file system is physically detached by a user, the system might panic in such situation. This is a known FreeBSD issue which is resolved in version 7.3 and later. PR695780
  • On SRX5800 devices, if the system service REST API is added to the configuration, though commit can be completed, all the configuration changes in this commit does not take effect. This occurs as the REST API daemon fails to come up and the interface IP is not available during bootup. The configuration is not read on the Routing Engine side. PR1123304
  • On SRX4100 and SRX4200 devices, although the CLI is configurable, the following features are not supported: Group VPN, VPN Suite B, and encrypted control links when in chassis cluster. PR1214410
  • On SRX Series devices, a core file is generated when traffic causes high memory usage and lot of memory allocation failures are observed at Deep Packet Inspection (DPI) module. The core file is difficult to reproduce and high memory usage might not always result in core file. The core file is generated due to buffering issues in DPI engine code when the application identification requires data to be buffered at engine. PR1266517

Unified Threat Management (UTM)

  • On SRX Series devices with Sophos Antivirus (SAV) configured, some files that have size larger than the max-content-size might not go into fallback state. Instead, some protocols do not predeclare the content size. PR1005086
  • On SRX Series devices, if Advanced Anti-Malware service (AAMW) is enabled, and SMTP is configured in the AAMW policy, and fallback permit is enabled, under the long network latency between device and AWS running Sky ATP service, there might be a file submission timeout. When the sending timeout happens, there is a potential chance that the e-mail sent out from the outlook stays in the outbox of the sender, and the receiver does not receive the e-mail. PR1254088

Upgrade and Downgrade

  • On SRX550M devices, when upgrading from Junos OS Release 15.1X49-D30 to a later version, upgrade fails. PR1237971


  • On SRX Series devices, if IPsec VPN tunnel is established using IKEv2, due to bad SPI, packet drop might be observed during CHILD_SA rekey when the device is the responder for this rekey. PR1129903
  • On SRX Series devices, RIP is supported in P2P DC mode over st0 interfaces. PR1141817
  • On SRX5800 devices, when upgrading from Junos OS Release 15.1X49-D30 to 15.1X49-D35, 15.1X49-D40, and 15.1X49-D50 or from 15.1X49-D35, 15.1X49-D40, and 15.1X49-D50 to 15.1X49-D60 release, the ISSU fails for AutoVPN/ADVPN/DEP IPsec VPN tunnels. PR1201955
  • On SRX1500 devices, if DPD is configured fortcp-encap sessions, then the effective DPD timeout must be increased to greater than 120 seconds. PR1254875

Modified: 2017-11-28