Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Behavior


This section contains the known behaviors, system maximums, and limitations in hardware and software in Junos OS Release 17.4R2 for the SRX Series.

Authentication and Access

  • On SRX Series devices with 256K user firewall authentication entries, in case of a failover or when PFE restart occurs, the show services user-identification command will generate response timeout. This timeout will last for at least 10 minutes. PR1302269

  • On SRX Series devices, the traffic that is sourced-from or destined-to the SRX Series device itself is classified as UNKNOWN in AppTrack log messages. PR1340338

Chassis Clustering

  • On SRX4600 devices, the dedicated Chassis Cluster fabric ports are not available. Instead, any 40G or 10G traffic ports can be used as chassis cluster fabric ports.

  • IP monitoring for redundancy groups does not work on the secondary node if the reth interface has more than one physical interfaces configured. This is because the backup node sends traffic using the MAC address of the lowest port. If the reply does not come back on the same physical port, then the internal switch drops the traffic. PR1344173

Install and Upgrade

  • On SRX Series devices, when you perform a downgrade from Junos OS Release 17.4R1-S2 or 17.4R2 to Junos OS Release 15.1X49-D125, using the request system software add command, downgrade fails. An error message mentioning that you need to force the downgrade process using the force CLI option is displayed. Use the force CLI option to force the downgrade. There is no need to use the force option when you downgrade from Junos OS Release 15.1 to any other release. 1350558

Interfaces and Chassis

  • On SRX4600 devices, the 10-Gigabit Ethernet and chassis cluster ports cannot be configured to operate as 1-Gigabit Ethernet ports.

  • SRX4600 device interfaces only support the following two traffic port modes:

    • 4x40G (all four QSFP28+ ports) + 8x10G (all eight SFP+ ports) by default.

    • 2x100G (first two QSFP28+ ports) + 4x10G (first four SFP+ ports) by configuration as shown below:

      • set chassis fpc 1 pic 0 pic-mode 100G

      • set chassis fpc 1 pic 0 number-of-ports 2

      • set chassis fpc 1 pic 1 number-of-ports 4


      The system requires a reboot after committing the above configuration.

  • On SRX4600 devices, the RAID-1 mirror feature is not available. The second SSD is not available for use, although it is present.

  • On SRX4600 devices, precision Time Protocol (PTP) feature is not available.

  • On SRX4600 devices, USB disk is not available for the Junos OS. However, the USB disk is available with full access for Host OS (Linux) and USB is still used in the booting process (install and recovery functions). PR1283618

  • On SRX1500 devices, pp0.0 interface link status is not up. PR1315416

  • USB stops working if the USB is removed while it is in initialization state. To avoid this issue, wait for few seconds before removing the USB. PR1332360


  • On SRX550M and SRX1500 devices, there is no option to configure Layer 2 firewall filters from J-Web, irrespective of the device mode. PR1138333

  • On SRX Series devices in chassis cluster, if you want to use J-Web to configure and commit the configurations, you must ensure that all other user sessions are logged out including any CLI sessions. Otherwise, the configurations might fail. PR1140019

  • On SRX1500 devices in J-Web, snapshot functionality under Maintain->Snapshot->Target Media->Disk->Click Snap Shot is not supported. PR1204587

  • On SRX Series devices, DHCP relay configuration under Configure > Services > DHCP > DHCP Relay page is removed from J-Web in Junos OS Release 15.1X49-D60. The same DHCP relay can be configured using the CLI. PR1205911

  • On SRX Series devices, DHCP client bindings under Monitor is removed. The same bindings can be seen in CLI using the show dhcp client binding command. PR1205915

  • On SRX Series devices, if the configuration load is more than 5000 bytes then J-Web responds slowly and the navigation of pages might take more time.PR1222010

  • On SRX Series devices, you cannot view the custom log files created for event logging in J-Web. PR1280857

  • On SRX Series devices, generation of reports will work in IE and chrome browsers. To generate report in firefox, delete existing ff profile and relaunch firefox with new profile. PR1303722

  • Uploading certificate using browse button, stores the certificate in device at /jail/var/tmp/uploads/, which is deleted when you execute the CLI request system storage cleanup command.PR1312529

  • The values of address and address-range are not displayed in the inline address-set creation pop-up window of Juniper Identity Management Service (JIMS).PR1312900

Layer 2 Ethernet Services

  • PPPoe + DHCPv6 cannot work in all SRX platforms with 15.1X49 and later versions. PR1229836

User Interface and Configuration

  • On SRX1500 devices, committing a configuration with a huge number of logical systems will take more time. This issue occurs because taking backup of previous configurations might take a little longer to finish. PR1339862


  • On SRX5400, SRX5600, and SRX5800 devices, when CoS is enabled on the st0 interface and the incoming traffic rate destined for the st0 interface is higher than 300,000 packets per second (pps) per SPU, the device might drop some of the high-priority packets internally and shaping of outgoing traffic might be impacted. We recommended that you configure the appropriate policer on the ingress interface to limit the traffic below 300,000 pps per SPU. PR1239021