Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Resolved Issues


Learn which issues were resolved in Junos OS Release 19.4R2 for vSRX. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Resolved Issues: 19.4R2

Application Layer Gateways (ALGs)

  • FTPS traffic might get dropped on SRX Series or MX Series platforms if FTP ALG is used. PR1483834

Application Security

  • When destination-path-group is deleted in configuration and added again, the fc-id, dscp, fc name, and loss priority fields are reset. The configured values are not taken.PR1489948

Chassis Clustering

  • On single-thread vSRX and VSRX 3.0 instances, when PMI (PowerMode IPsec) mode is enabled, the IPsec traffic is dropped after failover due to antireply check failure. PR1473037

  • On vSRX 3.0 in a chassis cluster, the diagnostic script falsely fails SSL configuration consistent check with the following error - AAMW diagnostic Error : Couldn't initiate connection rslt:-1 err:No route to host clusters. PR1463701

Flow and Processing

  • A warning message is displayed when the user tries to enroll an ECDSA key-pair type local certificate with SCEP. PR1420736

  • Less throughput observed on vSRX 3.0 instances as compared to vSRX instances. PR1429548

  • On the vSRX platform, if the single root I/O virtualization (SR-IOV) virtual function does not have trust mode enabled, the IPv6 Neighbor Discovery Protocol (NDP) address resolution does not work when it is initiated from the remote host. PR1433959

  • Introduction of default inspection limits to application identification to optimize CPU usage and improve resistance to evasive applications. PR1454180

  • On vSRX3.0 platform, traffic loss might occur when application service is configured. PR1455465

  • When traffic goes through vSRX 3.0 instances, core files are generated and traffic is dropped. This issue might cause all interfaces to go down and the Packet Forwarding Engine does not come up. PR1465132

Intrusion Detection and Prevention (IDP)

  • When creating dynamic attack groups within IDP that contain more than 30 filters, the query fails and the group are not populated with any attacks. PR1467561


  • Adding the license to a vSRX instance while it is getting spun through cloud-init fails. You have to manually add the license after the device has booted up. PR1469978

Platform and Infrastructure

  • On vSRX3.0 platforms in a Hyper-V scenario, the parsed VLAN ID of packets with 802.1Q VLAN tags might be incorrect, which results in no connectivity to other physical devices on the same VLAN over 802.1Q trunk. PR1477315


  • Security Intelligence mistakenly engages tcp-proxy when ssl-proxy is not engaged, leading to reduced flow performance. PR1491682

Resolved Issues: 19.4R1

Flow-Based and Packet-Based Processing

  • When the secure wire feature is used, a flowd core file might be generated when one of the secure wire interfaces goes down. PR1430071

  • On vSRX 3.0, when OCSP is configured with a valid OCSP URL and a connection with the CA server is established to validate multiple certifications and the connection is successful, the CA server does not respond and the OCSP connection times out. PR1434638

  • In a race condition, the appid process might crash while installing security package. PR1440258

  • On vSRX3.0 instances, gradual increase in 'Swap Utilization' might be observed. This might cause the instances to stop or become unstable. For example, Routing Engine response might be slow or sometimes the Packet Forwarding Engine might stop working with the error message no more swap space. PR1450204

  • The Chassis Cluster control link remains up even though the control link is actually down. The failover cannot be executed in this situation, leading to traffic or service impact. PR1452488

  • BFD sessions flap intermittently on vSRX instances. PR1455954

  • When traffic goes through vSRX 3.0 instances, core files are generated and traffic is dropped. This issue might cause all interfaces to go down and the Packet Forwarding Engine does not come up. PR1465132

Interfaces and Routing

  • IP address on the fxp0 interface keeps flapping after deploying a vSRX 3.0 instance on Microsoft Azure cloud and the correct IP address is not received from MicrosoftAzure cloud. PR1439278

  • On a vSRX 3.0 instance deployed on Nutanix AHV, the revenue ports ge-0/0/x do not get created; hence the vSRX instance is unable to handle any traffic. PR1461115


  • On vSRX instances, predefined Juniper Sky ATP and Security Intelligence (SecIntel) policies are not listed, which might cause an error when using the configuration wizard in J-Web. PR1447273

Platform and Infrastructure

  • The ksyncd process might stop due to timing issue. The secondary node cannot synchronize kernel states successfully. PR1440576

  • On vSRX instances running on cloud platforms such as Microsoft Azure and AWS, memory leaks might occur if you deploy the vSRX instance with more vCPUs than what is supported, resulting in intermittent traffic outage. PR1442136

Unified Threat Management

  • If Websense Redirect Web Filtering is configured, memory might leak over time. The leak might become faster and cause system problems sooner. PR1445222

  • A vSRX 3.0 cannot be launched on a VM with total memory less than 4 GB. Since AWS C4.L instance type has total 3.75 GB, vSRX3.0 does not support C4.L instance types. PR1454553


  • When NAT-T is used for an IPsec VPN tunnel, the tunnel might stop forwarding traffic after a rekey. PR1444730