Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Known Limitations

Learn about known limitations in this release for SRX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • Unified access control drops packet at uac-plugin receives interest check event when jbuf is null. When flow get uac return value (some value indicated drop), flow would drop packet and log again. Normally when flow did the log, it will check the flag on jbuf. The flag would tell flow this drop had been logged and then flow won't log again. But for this UAC test case, the jbuf was not there hence no flag can be set so two logs were seen. PR1555850

Flow-Based and Packet-Based Processing

  • For accelerated flows, the packet or byte counters in the session_close log and show session output take into account only those values that accumulated while traversing the NP. PR1546430

General Routing

  • In SRX380 MACsec show security macsec statistics command, when encryption-offset is enabled, encrypted bytes and encrypted packets will include both encrypted and protected bytes. PR1534840

  • Due to enhancements in AppID starting in Junos OS Release 21.1R1, database files are not compatible with earlier releases. Hence, this issue is expected to be seen during downgrade from 21.1R1 to previous Junos OS releases. PR1554490


  • In SPC2 and SPC3 mixed-mode HA deployments, tunnel per second (TPS) is getting affected while dead peer detection (DPD) is being served on existing tunnels. This limitation is due to a large chunk of CPU being occupied by infrastructure (gencfg) used by IKED to synchronize its DPD state to the backup nodes. PR1473482