Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Limitations


Learn about known limitations in this release for vSRX. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.


  • On Microsoft Azure deployments, SSH public key authentication is not supported for vSRX 3.0 CLI and portal deployment. PR1402028

  • On a vSRX3.0 instance running on Azure, there might be one more IP address configured on fxp0 intermittently besides the IP address assigned by DHCP, which causes a CLI upgrade failure. PR1461678

Flow-Based and Packet-Based Processing

  • When traffic flow is high (throughput of 2 Gbps or more), we do not recommend that you reboot a vSRX 3.0 virtual machine (VM) running Hyper-V on Windows Server 2016. The vSRX 3.0 VM might stop responding during the boot process. We recommend that you schedule a reboot or an upgrade when there is no traffic. To recover the vSRX 3.0 VM after it stops responding, restart the instance after the traffic stops. PR1394792


  • The CA profile group imported using J-Web is not populated in the Certificate Authority Group initial landing page grid, but all the CA profiles of a group are populated on the Trusted Certificate Authorities landing page. PR1426682

  • When a dynamic application is created for an edited policy rule, the list of services is blank when the Services tab is clicked and then the policy grid is autorefreshed. As a workaround, create a dynamic application as the last action while modifying the policy rule and click the Save button to avoid loss of configuration changes made to the policy rule. PR1460214

Unified Threat Management

  • vSRX and vSRX 3.0 platforms with memory less than 8 GB memory do not support HA on-box AV light mode or heavy mode. PR1454623

vSRX Limitations in Junos Space Security Director Integration with vSRX

The following vSRX features are not supported in Junos Space Security Director:

  • Application QoS (AppQoS)

  • Layer 2 transparent mode

The following Security Director limitations apply specifically to Application Firewall (AppFW), IDP, and UTM features:

  • UTM database updates are not supported.

  • Application ID (AppID) custom signatures are not supported.

In Junos Space Security Director, for IPsec and routing features, certificates for AutoVPN must be generated from the CLI. All other IPsec settings can be configured using Junos Space Security Director.