Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Known Issues

    This section lists the known issues in hardware and software in Junos OS Release 18.1R2 for SRX Series devices.

    For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

    Chassis Clustering

    • On SRX5600 and SRX5800 devices in chassis cluster mode, when the secondary Routing Engine is installed to enable dual control links, the show chassis hardware command might display the same serial number for both the routing engines on both the nodes. PR1321502

    • On SRX Series devices, the forwarding plane might failover from node 0 to node 1 when an SPC stops unexpectedly. PR1331809

    Class of Service (CoS)

    • On all SRX Series devices, if the action of forwarding-class is configured in the output direction on a firewall filter, the host outbound traffic matching the same term of this firewall filter is blocked. PR1272286

    Flow-Based and Packet-Based Processing

    • On all SRX Series devices, filter-based forwarding (FBF) does not work when applied on IPsec tunnel interface (st0.*). PR1290834

    • On SRX Series devices, when you run the command clear nhdb statistics on the SPU PIC, the SPC might reset. PR1346320

    Intrusion Detection and Prevention (IDP)

    • The output of show security idp status command does not accurately reflect the number of decrypted SSL or TLS sessions being inspected by the IDP. PR1304666

    • The file descriptor might leak during a security package auto update. PR1318727

    Software Installation and Upgrade

    • On SRX1500 devices, the fan speed often fluctuates. PR1335523


    • When an SRX Series device acts as an initiator behind the NAT, disabling NAT on the router in between causes an immediate new negotiation failure because of an attempt to disable NAT using the port 4,500. The next attempt succeeds by using the port 500. Disabling NAT and bringing down all the existing tunnels and re-establishing the tunnels with port 500 is the expected behavior. PR1273213

    • On SRX Series devices, in case multiple traffic-selectors are configured for a peer with IKEv2 reauthentication, only one traffic-selector rekeys at the time of IKEv2 reauthentication. The VPN tunnels of the remaining traffic-selectors are cleared without immediate rekey. New negotiation of those traffic-selectors might be triggered through other mechanisms such as traffic or peer. PR1287168

    • When NCP profile is changed on an existing IKE gateway, the SSL session corresponding to the existing tunnel is not affected. PR1323425

    • If a period . is present in the CA profile name then the PKID might face issues, if the PKID is restarted at any point. PR1351727

    Modified: 2018-05-23