Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Resolved Issues


Learn which issues were resolved in Junos OS Release 20.2R1 for vSRX. For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways (ALGs)

  • Previously, the MSRPC ALG only supported operation number 4 messages (opnum 4 - RemoteCreateInstance) for extracting for MSRPC data sessions. We now support opnum 3 messages (opnum 3 - RemoteGetClassObject) for extracting for MSRPC data session. PR1462692

  • With FTP ALG enabled, if there is more than one FTPS connection between an FTP client and server pair, the closure of one connection might cause other connections between that FTP client and server pair to be affected; hence there might be traffic impact. It is a rare timing issue. PR1483834

Application Security

  • Application Quality of Experience (AppQoE) system log shows best-path previous-interface value as “N/A” when deactivating DBG or the link. PR1487056

Flow and Processing

  • A warning message is displayed when the user tries to enroll ECDSA keypair type local certificate with SCEP. PR1420736

  • Application identification is significantly more resistant to evasive applications. It does this by introducing default inspection limits, which can be adjusted by using the new set services application-identification inspection-limit command and the set services application-identification global-offload-byte-limit command. PR1454180

  • Cache entries are not seen when global ASC is off. PR1483928

  • When destination-path-group is deleted in the configuration and added again, the fc-id, dscp, fc name, loss priority fields are reset. The configured values are not considered. PR1489948

  • Security Intelligence would mistakenly engage tcp-proxy when ssl-proxy was not engaged, leading to reduced flow performance. PR1491682

  • When SSL proxy is enabled and if the vSRX runs out of memory, then the SSL proxy module might stop. PR1505013

Intrusion Detection and Prevention (IDP)

  • If the total number of applications (predefined as well as the custom applications configured ) crosses 4096, attack detection might fail. PR1497340


  • Adding the license to the vSRX while it is getting spun through cloud-init fails. You have to manually add it after the device has booted up. PR1469978

Routing Policy and Firewall Filters

  • Traffic might fail to hit policies if match dynamic-application and match source-end-user-profile options are configured under the same security policy name. PR1505002

Unified Threat Management (UTM)

  • The source and destination IP or port fields were reversed for Content-Filtering and Anti-Virus logs. These fields now reflect the source and destination of the flow correctly. PR1499327