Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Resolved Issues

 

This section lists the issues fixed in the Junos OS main release and the maintenance releases for the SRX Series.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 17.4R2

Application Layer Gateways (ALGs)

  • On SRX1400 device, the NFS traffic to port 2049 might drop. PR1307763

  • The configure download URL displays warning message requires appid-sig license. PR1324858

  • On SRX Series devices with SIP ALG enabled, the SIP ALG might drop SIP packets which have a referred-by or referred-to header field containing multiple header parameters. PR1328266

  • SIP calls drop, when the limit per SPU crosses 10,000 calls. PR1337549

Authentication and Access Control

  • On SRX Series devices, PFE might crash and huge number of core files might be generated within a short period of time. PR1326677

  • On SRX Series devices, incomplete Request Support Information (RSI) might be seen. PR1329967

  • On SRX Series devices, the sessions might close because of the idle Timeout junos-fwauth-adapter logs. PR1330926

  • The uacd process is unstable after upgrading to Junos OS Release 12.3X48 and later releases. PR1336356

  • On SRX Series devices, the show version detail command returns an error message: Unrecognized command (user-ad-authentication) while configuring the useridd settings. PR1337740

  • A new configuration is available to configure the web-authentication timeout. PR1339627

Chassis Clustering

  • The route information might not be synchronized between node0 and node1 when configuring the firewall filter or APBR to use the non-default routing-instance. PR1292235

  • Flowd process core files are generated after adding 65536 VPN tunnels using traffic selector with the same remote IP. PR1301928

  • On devices enabled with chassis cluster, the ISSU upgrade might fail and display an error message ISSU aborted and exiting ISSU window. PR1306194

  • On SRX1500, SRX4100 and SRX4200 devices, ISSU might fail if LACP and interface monitoring are configured. PR1305471

  • File Descriptor might leak on SRX Series chassis clusters with Sky ATP enabled. PR1306218

  • When services offloading feature is enabled, the device changes TCP checksum value to 0x0000 .PR1317650

  • When ISSU is performed from a Junos OS Release prior to 15.1X49-D60 to a Junos OS Release 15.1X49-D60 or later, flowd process generates core files. PR1320030

  • The device might stop forwarding traffic after RG1 failover from node0 to node1. PR1323024

  • When RG0 failover or primary node reboot happens, some of the logical interfaces might not be synchronized to the other node if the system has around 2,000 logical interfaces and 40,000 security policies. PR1331070

  • After the primary node or the secondary node restarts, the FPC module goes offline on the secondary node. PR1340116

  • In and active/active cluster, route change timeout does not work as expected. PR1314162

Class of Service (CoS)

  • Packets go out of order on SPC2 cards with IOC1 or FIOC cards. PR1339551

Flow-Based and Packet-Based Processing

General Routing

  • SRX1500 devices might power off unexpectedly because of incorrect device temperature readings which reported a too high temperature, leading to an immediate pro-active power-off of the device to protect the device from overheating. However in these cases the temperature was not actually too high and a power-off would not be required. When this occurs, the following log message is shown in file /var/log/hostlogs/lcmd.log: Jan 25 13:09:44 localhost lcmd[3561]: srx_shutdown:214: called with FRU TmpSensor. PR1241061

  • On SRX4100 and SRX4200 devices, packet loss is observed when the value of packet per second (pps) through the device is very high. This occurs because of the update of the application interval statistics statement, which has a default timer value of 1 minute. You can avoid this issue by setting the interval to maximum using the set services application-identification statistics interval 1440 command. PR1290945

  • The show host server name-server host CLI command fails when the source address is specified under the name-server configuration. PR1307128

  • A memory leak might occur in the appidd process while updating an application signature package. PR1308863

  • On SRX4600 devices, when you run the clear security flow session command, time taken to clear the session depends on the total session number. For example, the clear session takes nine minutes to clear 57M session. PR1308901

  • On SRX Series devices, if destination NAT and session affinity are configured with multiple traffic selectors in IPsec VPN, the traffic selector match might fail. PR1309565

  • The flowd process might stop and generate a core file during failover between node 0 and node 1. PR1311412

  • On SRX Series devices, the IPsec tunnel might fail to be established if datapath debug configuration include the options preserve-trace-order, record-pic-history, or both. PR1311454

  • The SRX Series device drops packets citing the reason "Drop pak on auth policy, not authed". PR1312676

  • The flowd process might stop if the SSL-FP profile is configured with whitelist. PR1313451

  • If IDP and SSL forward proxy whitelist are configured together, the device might generate a core file. PR1314282

  • On SRX550M devices, phone-home.core is generated after the zeroization procedure. PR1315367

  • If the Sky ATP cloud feed updates, the Packet Forwarding Engine might stop causing intermittent traffic loss. PR1315642

  • On SRX Series devices, the IPSec VPN tunnel with traffic-selector is configured and the packets TTL is set to 1, the flowd process stops and generates a core file on both the nodes. PR1316134

  • Periodic PIM register loop is observed during switch failure. PR1316428

  • On SRX Series devices, the fin-invalidate-session command does not work when the Express Path feature is enabled on the device. PR1316833

  • Return traffic through the routing instance might drop intermittently after changing the zone and routing-instance configuration on the st0.x interface. PR1316839

  • SRX300 devices DHCP client cannot obtain IP addresses. PR1317197

  • Default route is lost after system zero. PR1317630

  • SSL firewall proxy does not work if root-ca has fewer than four characters. PR1319755

  • The OSPF peers are unable to establish neighbors between the LT interfaces of the logical systems. PR1319859

  • On SRX Series devices, after logical system is configured, about 10 logical systems are not working. PR1323839

  • The flowd process generates core files on both nodes causing an outage. PR1324476

  • The MPC cards might drop traffic in the event of high temperatures. PR1325271

  • Software next-hop table is full with log messages RT_PFE: NH IPC op 1 (ADD NEXTHOP) failed, err 6 (No Memory) peer_class 0, peer_index 0 peer_type 10. PR1326475

  • If the serial number of the certificate for the SSL proxy has two consecutive zeros, the certificate authentication fails. PR1328253

  • When you use CFLOW, the source address for flow packets is not displayed. PR1328565

  • On SRX Series devices, the one-way jitter traps are not generated when the TWAMP is configured. PR1328708

  • The FPC is dropped or hangs in the present state when the intermittent control link heartbeat is observed. PR1329745

  • On SRX Series devices with stream logging configured, high CPU load is observed. PR1331011

  • The IPv6 traffic does not work as expected on IOC3 with the services offloading (npcache) feature. PR1331401

  • NTP synchronization fails and switches to a local clock. PR1331444

  • Inaccurate Jflow records might be seen for output interface and next hop. PR1332666

  • The whitelist function in syn-flood does not work. PR1332902

  • The show vlans detail no-forwarding command in the RSI does not display any information, because the no-forwarding option is not supported. PR1336267

  • Two-way active measurement protocol (TWAMP) client, when configured in a routing instance, does not work after a reboot. PR1336647

  • On the front panel LED, the red alarm goes on after an RG0 failover is triggered when the flowd process stops. PR1338396

  • The unfiltered traffic is captured after traceoptions are deactivated. PR1339213

  • SSH to the loopback interface of SRX Series devices does not work properly when AppTrack is configured. PR1343736

  • The flowd process might stop when SYN-proxy function is used. PR1343920

  • SNMP MIB walk provides incorrect data counters for total current flow sessions. PR1344352

  • SRX1500 devices might encounter a failure while accessing the SSD drive. PR1345275

  • The policy and zone configuration are not in synchronization with the Packet and Forwarding Engine (PFE). PR1345397

  • The REST API is not working on the SRX320-POE device. PR1347539

  • File download stops over a period of time when TCP proxy is activated through Antivirus or Sky ATP. PR1349351

  • When a J-Flow related configuration is deleted, the forwarding plane begins to drop packets. PR1351102

  • If the Trusted Platform Module (TPM) is enabled, the configuration integrity failure occurs when there is a power loss for few seconds after the commit. PR1351256

  • On SRX1500 device, after the SSL forward proxy is configured, the system stops and generates a core file. PR1352171

  • The flowd process generates a core file when the SIP ALG is enabled. PR1352416

  • When the routing instance is configured, the UTM Anti-Spam:DUT process do not send the DNS query. PR1352906

  • On SRX Series devices, if the memory buffer is accessed without checking the mbuf and the associated external storage, the flowd process might stop. PR1353184

  • On SRX Series devices in a chassis cluster, if an IPv6 session is being closed and at the same time the related data-plane Redundancy Group (RG1+) failover occurs, this IPv6 session on the backup node might hang and cannot be cleared. PR1354448

  • The PIM register might stop the message from the source First Hop Router (FHR). PR1356241

  • On SRX300, SRX320, SRX340, and SRX345 devices, with LTE mini-PIM the DHCP relay packets are not forwarded. PR1357137

  • On SRX5000 series devices, when the IPsec performance acceleration feature is enabled, packets going in or out of a VPN tunnel are dropped. PR1357616

  • On SRX5400, SRX5600, and SRX5800 devices, the MIB walk tool is not working when screens are applied to the security zones. PR1364210

Interfaces and Chassis

  • Unable to add IRB and aggregated Ethernet interfaces. PR1310791

  • On SRX1500 devices, pp0.0 interface link status is not up. PR1315416

  • An error is not seen at each commit or commit check if autonegotiation is disabled but the speed and duplex configurations are not configured on the interface. PR1316965

  • If an interface is configured with the Ethernet switching family, we recommend that you do not configure vlan-tagging. PR1317021

  • The interface might be brought down by IP monitoring at the time of committing a configuration because of incorrect interface status computing. PR1328363

Interfaces and Routing

  • JIMS server stops responding to requests from SRX Series devices. PR1311446

  • On SRX Series devices in a chassis cluster, the IRB interface does not send an ARP request after clearing the ARP entries. PR1338445

  • Packet reorder occurs on the traffic received on the PPP interface. PR1340417

  • On SRX Series devices, when the VPLS interface receives a broadcast frame, the device sends this frame back to the sender. PR1350857

  • On the SRX1500, when the LACP is configured with interfaces ae0 and ae1, the mac address is displayed as 00:00:00:00:00:00 and 00:00:00:00:00:01 for interfaces ae0 and ae1 respectively. PR1352908

  • The set protocols rstp interface all command does not enable RSTP on all interfaces. PR1355586

Intrusion Detection and Prevention (IDP)

  • The control plane CPU usage is high when using IDP. PR1283379

  • IDP signatures might not get pushed to the Packet Forwarding Engine if there is a policy in logical systems. PR1298530

  • The IDP PCAP feature has been improved. PR1297876

  • The output of show security idp status command does not accurately reflect the number of decrypted SSL or TLS sessions being inspected by the IDP. PR1304666

  • The file descriptor might leak during a security package auto update. PR1318727

  • On SRX4600 devices, the maximum SSLRP session count is observed to be approaching 100,000. In the CLI, configuring a maximum of 100,000 sessions are allowed, whereas in SSLFP, 600,000 sessions are allowed. Thus, the set security idp sensor-configuration ssl-inspection sessions command is now modified to allow a maximum of 600, 000 sessions. However, for other devices the original session limit value of 100,000 is retained. PR1329827

  • Loading IDP policy fails because of less available heap memory. PR1347821

J-Web

  • J-Web system snapshot throws error. PR1204587

  • In J-Web when you click the SKIP TO JWEB OPTIONS, the Google Chrome browser automatically redirects. PR1284341

  • J-Web does not display all global address book entries. PR1302307

  • On SRX300, SRX320, SRX340, and SRX345 devices, CPU usage is high when generating on-box reporting on the J-Web. PR1310288

  • J-Web authentication fails when a password includes the backslash. PR1316915

  • J-Web dashboard displays wrong last updated time. PR1318006

  • J-Web display problems for security policies are observed. PR1318118

  • J-Web displays the red alarm for temperature value within the threshold. PR1318821

  • J-Web does not display wizards on the dashboard. PR1330283

  • Unable to delete the dynamic VPN user configuration. PR1348705

  • When the J-Web fails to get resource information, the Routing Engine CPU usage is displayed as 100 percent. PR1351416

  • Security policies search button on the J-Web does not work with Internet Explorer version 11. PR1352910

Layer 2 Ethernet Services

  • In DHCP relay configuration, the option VPN has been renamed to source-ip-change. PR1318487

  • On SRX1500 devices, VLAN popping and pushing does not work over Layer 2 circuits. PR1324893

  • DHCP rebind and renew packets is not calculated in BOOTREQUEST. PR1325872

  • The default gateway route might be lost after the failover of RG0 in a chassis cluster. PR1334016

  • The subnet mask address is not sent as a reply to the DHCPINFORM request. PR1357291

Network Address Translation (NAT)

  • The default-gateway route received by DHCP when some interface in the chassis cluster has been configured as a DHCP client is lost in about 3 minutes after RG0 failover. PR1321480

  • On SRX Series devices, the Sky ATP connection leak causes the service plane to be disconnected from the Sky ATP cloud. PR1329238

  • Arena utilization on a FPC spikes and then resumes to a normal value. PR1336228

Network Management and Monitoring

  • SRX300 device is unresponsive as a result of cf/var: filesystem full error. PR1289489

  • CLI options are available to manage the packet forwarding engine handling the ARP throttling for NHDB resolutions. PR1302384

Platform and Infrastructure

  • When you perform commits with apply-groups, VPN might flap. PR1242757

  • The packet captured by datapath-debug on an IOC2 card might be truncated. PR1300351

  • Inconsistent flow-control status on reth interface is observed. PR1302293

  • On SRX5400, SRX5600, and SRX5800 devices, DC PEM is used on the box, the output of show chassis environment pem and show chassis power commands do not show DC input value correctly. PR1323256

  • On SRX5400, SRX5600, and SRX5800 devices, SPC2 XLP stops processing packets in the ingress direction after repeated RSI collections. PR1326584

  • When SecIntel is configured, IPFD CPU utilization might be higher than expected. PR1326644

  • The log messages file contains node*.fpc*.pic* Status:1000 from if_np for ifl_copnfig op:2 for ifl :104 message. PR1333380

  • Log message No Port is enabled for FPC# on node0 is generated every 5 seconds. PR1335486

  • In RSI, a mandatory argument is missing for the request pfe execute and the show usp policy counters commands.PR1341042

  • On SRX Series devices in a chassis cluster, configuration commit might succeed even though the external logical interface configuration (reth) associated with the Internet Key Exchange (IKE) VPN gateway configuration is deleted. This might lead to configuration load failure during the next device boot-up. PR1352559

  • On SRX4100 devices, interfaces are shown as half-duplex, but there is no impact on the traffic. PR1358066

Routing Policy and Firewall Filters

  • The firewall authentication does not list the correct polices when the NSD process is busy. PR1312697

  • The number of address objects per policy for SRX5400, SRX5600, SRX5800 devices is increased from 4,096 to 16,000. PR1315625

  • The flowd process stops when AppQoS is configured on the device. PR1319051

  • Flowd process stops after configuring a huge number of custom applications. PR1347822

  • On SRX Series devices, with a large number of firewall authentication entries, the flowd process might stop. PR1349191

  • On SRX Series devices, a large scale commit, for example, 70,000 lines security policy might stop the NSD process on the Packet Forwarding Engine (PFE). PR1354576

Routing Protocols

  • On SRX1500 devices, the IS-IS adjacency remains down when using an IRB interface. PR1300743

  • Dedicated BFD does not work on SRX Series devices. PR1312298

  • On a chassis with BMP configured, if the rpd termination timeout is happening while the BMP main task has failed to terminate and delete itself (seen when rpd is gracefully terminated), the rpd might stop. PR1315798

  • When BGP traceoptions are configured and enabled, the traces specific to messages sent to the BGP peer (BGP SEND traces )are not logged The traces specific to received messages (BGP RECV traces ) are logged correctly. PR1318830

  • OpenSSL Security Advisory [07 Dec 2017]. Refer to https://kb.juniper.net/JSA10851 for more information. PR1328891

  • The ppmd process might stop, after one node is upgraded and failover completes. PR1347277

  • On SRX Series devices, dedicated BFD does not work. PR1347662

Software Installation and Upgrade

  • The request system reboot node in/at command results in an immediate reboot instead of rebooting at the allotted time. PR1303686

  • On SRX1500 devices, the fan speed often fluctuates. PR1335523

System Logs

  • A warning syslog message is displayed when the number of security screens installed exceed the IOC capacity. PR1209565

  • The following log messages are displayed on the device: L2ALM Trying peer/master connection, status 26. PR1317011

User Firewall and Authentication

  • User firewall has a command to fetch the user-group mapping from the active directory server. PR1327633

Unified Threat Management (UTM)

  • The ISSU upgrade might fail because of the Packet Forwarding Engine generating a core file. PR1328665

Upgrade and Downgrade

  • The command show system firmware displays the old firmware image. PR1345314

VLAN Infrastructure

  • On SRX Series devices in transparent mode, the flowd process might stop when matching the destination MAC. PR1355381

VPNs

  • The IRB interface does not support VPN. PR1166714

  • Next hop tunnel binding (NHTB) is not installed occasionally during rekey for VPN using IKEv1. PR1281833

  • IPsec traffic statistic counters return 32-bit values. PR1301688

  • Auto Discovery VPN (ADVPN) tunnels might flap with the spoke error no response ready yet, leading to IKEv2 timeout. PR1305451

  • On SRX Series devices, core files are observed under certain conditions with VPN and when NAT-T is enabled. PR1308072

  • PKID syslog for key-pair deletion is required for conformance. PR1308364

  • On SRX Series devices, ESP packet drops in IPsec VPN tunnels with NULL encryption algorithm configuration are observed. PR1329368

  • SNMP for jnxIpSecTunMonVpnName does not work. PR1330365

  • The kmd process might generate a core file when all the VPNs are down. PR1336368

  • On SRX5400, SRX5600, and SRX5800 devices, the chassis cluster control link encryption does not work. PR1347380

  • The kmd process might stop if multiple IKE gateways uses the same IKE policy. PR1337903

  • All IPsec tunnels are in both active and inactive state. PR1348767

  • S2S tunnels are not redistributed after IKE or IPsec are reactivated in a configuration. PR1354440

Resolved Issues: 17.4R1

Application Layer Gateways (ALGs)

  • On SRX Series devices SIP packet might drop when SIP traffic performs destination NAT. PR1268767

  • The pfed process stops and generates core files. PR1292992

  • H323 ALG decode Q931 packet error was observed even after disabling H323 ALG. PR1305598

  • HTTP ALG is listed within show security match-policies, when the HTTP ALG does not exist. PR1308717

Chassis Cluster

  • Node 0 is going into db prompt after applying Layer 2 switching configuration and rebooting. PR1228473

  • HA configuration synchronization monitoring does not work if encrypt-configuration-files is enabled. PR1235628

  • The ISSU or ICU operation might fail if upgrade is initiated from Junos Space on multiple SRX clusters. PR1279916

  • ALG traffic and other traffic with tcp-proxy gets stuck after back-to-back RG1 failover when using PPPoE on the reth interface. PR1286547

  • Warning messages are incorrectly tagged as errors in the RPC response from the SRX Series device when you configure a change through NETCONF. PR1286903

  • After software upgrade, the cluster goes into a brief split-brain state when rebooting RG0 on the secondary node. PR1288819

  • In an SRX1500 cluster, if control-link-recovery is configured, ISSU might not complete successfully and the cluster will end up with different software releases. PR1303948

  • IP monitoring on the secondary node shows unknown status after rebooting. PR1307749

  • On SRX Series devices, the traffic logging impact issue after ISSU is fixed. PR1284783

Class of Service (CoS)

  • on SRX devices, self-generated TCP session from RE destined to an lt-0/0/0.x nexthop is not established. PR1286866

Flow-Based and Packet-Based Processing

  • The software-NH value increases and and causes a traffic outage. PR1190301

  • SRX1500 devices might power-off unexpectedly because of incorrect device temperature readings which reportedly is a too high temperature, leading to an immediate proactive power-off of the device to protect the device from overheating. When this condition occurs, the following log message is shown in file /var/log/hostlogs/lcmd.log: Jan 25 13:09:44 localhost lcmd[3561]: srx_shutdown:214: called with FRU TmpSensor.PR1241061

  • Duplicate hops or a higher than expected hop count is seen in L2 traceroute. PR1243213

  • Configuring dpd results in timeouts for TCP encapsulation sessions. PR1254875

  • A down interface in the mirror-filter command might cause a core file in certain situations. PR1270724

  • Core files are seen on SRX1500 when J-Flow is enabled. PR1271466

  • SRX320 with MPIM: IPv6 static route on dl0.0 is not active, so it cannot work for dial-on-demand. PR1273532

  • Multicast traffic sent to the downstream interface in the destination MAC address is set to all zeros. PR1276043

  • Output hangs while checking pki ca-certificate ca-profile-group details. PR1276619

  • SRX1500 randomly stops forwarding traffic. PR1277435

  • When using integrated user firewall, the useridd process might consume high CPU. PR1280783

  • When executing operational commands for creating rescue configuration, some errors will be reported but the rescue configuration will still be created. PR1280976

  • User firewall users are not assigned their roles. PR1282744

  • Certain SCTP packets are dropped. PR1285089

  • The pfed process stop and core files are generated by committing traceoptions configure. PR1289972

  • More CPU threshold warnings are seen than in the previous releases. PR1291506

  • CoS scheduler and shaping does not work on IRB interface. PR1292187

  • Cryptographic weakness is seen on SRX300 line devices TPM Firmware (CVE-2017-10606) PR1293114

  • The APN profile password is displayed in cleartext. PR1295274

  • On SRX Series devices running the user firewall feature, under some conditions, flowd or useridd might generate core files. The Packet Forwarding Engine might get restarted, and RG1+ failover occurs. PR1299494

  • SRX Series device fail to upgrade the Junos image when you use the unlink and partition options at the same time. PR1299859

  • When you run the show interfaces queue rethx command, the output displays ingress queue information. PR1309226

  • On SRX Series devices, the Stream Control Transmission Protocol (SCTP) packet has an incorrect SCTP checksum after the payload is translated by the device. PR1310141

Interfaces and Chassis

  • On SRX1500 devices with SFP+-10G-CU3M DAC, 10-Gigabit Ethernet interface does not work. PR1246725

  • On SRX1500, 10-Gigabit Ethernet interface might not come up between the SRX Series device and another type of device when using SFP+-10G-CU3M DAC. PR1279182

  • Ping to VRRP (VIP) address failed when VRRP on vlan-tagging. This only affected IOC2 and IOC3 cards in SRX5000 line devices. SRX1500, SRX4100, and SRX4200 devices are not impacted. PR1293808

  • RPM packets do not go through the LT interface under certain configurations. PR1303445

J-Web

  • SRX Series devices cannot be upgraded with Junos image using J-Web. PR1297362

  • Configuration upload using J-Web does not work. PR1300766

  • In J-Web, when logical system adds a custom application, the applications 'any' are not present in Logical System Configure> Security> Security Policy> Add Policy. PR1303260

  • J-Web removes the backslash character on the source identity object when the commit changes. PR1304608

Layer 2 Ethernet Services

  • ARP issues are seen when using Layer 2 switching with the IRB interface. PR1266450

  • On SRX1500 devices in an Ethernet switching mode, an IRB interface located in a custom routing instance is not reachable. PR1234000

  • The change no-dns-propagation command should be changed to no-dns-install. PR1284852

  • DHCPv6 prefix delegation does not start with the first available subnet PR1295178

Network Address Translation (NAT)

  • On SRX Series devices, the periodic execution of the show security zones detail command causes the NSD process to fail in releasing unused memory, causing memory leak. PR1269525

  • The proxy-arp does not work intermittently after RG0 failover. PR1289614

  • Commit check might allow a Source NAT pool without addresses to be committed, leading to flowd core file generation when the misconfigured pool is utilized by traffic. PR1300019

  • Active source NAT causes an NSD error and the session closes. PR1313144

Network Management and Monitoring

  • On the SRX340 device, one Routing Engine does not reply for the SNMP request after power-on or RG0 failover in a cluster. PR1240178

  • On SRX Series devices, when J-Flow is enabled for multicast traffic extern nexthop is installed during the multicast composite next hop. However, when you uninstall the composite next hop, it does not free the extern nexthop, which results in the jtree memory leak. PR1276133

  • The mib2d process might crash when polling the OID ifStackStatus.0 after a logical interface of lo0 is deleted. PR1286351

  • The show arp no-resolve interface X command for nonexistent interface X is showing all unrelated static ARP entries. PR1299619

Platform and Infrastructure

  • SRX300 line devices reboot when Juniper RE-USB-4G-S (yellow or orange) USB is inserted. PR1214125

  • The flowd process might crash during route update. PR1249254

  • Unexpected behavior with IP monitoring is seen. PR1263078

  • The TTL (Time To Live) of some Z-mode packets is reduced to zero incorrectly, if IOC2 or IOC3 interface is configured as HA fabric port. PR1270770

  • DNS cache does not get populated in multiple virtual router (VR) environments. PR1275792

  • Memory leak occurs on SRX Series devices chassis cluster when em0 or em1 interface is down. PR1277136

  • On SRX5000 line devices, under a heavy flood of IPv6 Neighbor Discovery Protocol (NDP) packets, some incoming IPv6 neighbor advertisements (NA) might be dropped because of a queue being full. This issue has been resolved by using a different queue for IPv6 NA packets. PR1293673

  • XLP lost heartbeat (SPU hang) is not detected in a timely manner by hardware monitoring. PR1300804

Routing Policy and Firewall Filters

  • Secured e-mail application is not available. PR1273725

  • On SRX Series devices, the DNS configured in the address-book fails to resolve the IP address, if the case (uppercase or lowercase) in the DNS query and the DNS response do not match. PR1304706

  • The NSD process might crash when replacing the name of a logical-system. PR1307876

System Logging

  • The logs from syslog RT_FLOW: FLOW_REASSEMBLE_SUCCEED: Packet merged might cause high CPU usage on the Routing Engine. PR1278333

Unified Threat Management (UTM)

  • The Packet Forwarding Engine CPU utilization is high when using the UTM antivirus feature. PR1282719

VPNs

  • The st0 global counter statistics do not increment. PR1171958

  • The second client is disconnected when the assigned IP address is changed in the access profile for the first client. PR1246131

  • IPsec traffic through tunnel fails without configuring the authentication algorithm under the IPsec proposal on the SRX1500; however, it works on the SRX5600. PR1285284