Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues: 21.1R3

Authentication and Access Control

  • UAC authentication might not work post system reboot. PR1585158

Flow-Based and Packet-Based Processing

  • Security traffic log display service-name="None" for some application. PR1619321

General Routing

  • SSL-FP Logging for non SNI session. PR1442391

  • Wi-Fi mPIM on SRX Series devices is reaching out to NTP and DNS servers. PR1569680

  • When using log templates (introduced in Junos OS release21.1R1) with Unified Policies, logs were not generated in a predictable manner. A new construct has been added that allows you to define a default log profile (set security log profile name default-profile) that can be used to improve this behaviour when multiple log profiles are defined. PR1570105

  • Missing snmp operation state method for on SRX5800 or MX960 devices. PR1570433

  • Changes in SNMP traps configuration and data exported for TWAMP. PR1573169

  • On SRX Series devices, error message tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in messages log every 80 seconds. PR1580667

  • Traffic is dropped to or through VRRP virtual IP on SRX380 devices. PR1581554

  • The srxpfe process might stop on SRX1500 devices. PR1582989

  • Secure Web proxy continue sending DNS query for unresolved DNS entry even after the entry was removed. PR1585542

  • On SRX Series devices, significant performance improvements for JDPI's micro-application identification were included. PR1585683

  • IP packets might be dropped on SRX Series devices. PR1588627

  • The jsqlsyncd process files generation might cause device to stop after upgrade. PR1589108

  • The REST API does not work for SRX380 devices. PR1590810

  • In Junos OS releases 20.1R3 and 20.3R3, the issue (empty feed-name) starts with the hit returned from cache which points to the node with the parameter of feed-ID (2) inconsistent with the feeds-update (when it's 1). As a result the incorrect feed-ID points to the empty entry in the array of the feed-names. PR1591236

  • J-Web Deny log nested-application="UNKNOWN" instead of specific application. PR1593560

  • When combining log profiles and unified policies RT_FLOW_SESSION_DENY logs were not being generated corrected. PR1594587

  • When JDPI inspection-limits are reached, under certain circumstances, classification details were not propagated to interested Layer-7 Services, such as IDP. PR1595310

  • Node1 fpc0 (SPM) goes down after ISSU and RG0 failover. PR1595462

  • Jflow V9 application-id record: Network based application recognition value for IPv4 application-id are not as expected. PR1595787

  • Delay might be observed between Services Processing Card (SPC) failing and failover to other node. PR1596118

  • The flowd might core dump if application-services security policy is configured. PR1597111

  • The srxpfe process might stop and generate a core file post "targeted-broadcast forward-only" interface-config commit. PR1597863

  • The flowd process might generate core files, if the AppQOS module receiving two packets of a session. PR1597875

  • The flowd process might stop in AppQoE scenarios. PR1599191

  • The httpd-gk core might be observed when IPsec VPN is configured. PR1599398

  • Traffic might be dropped at NAT gateway if EIM is enabled. PR1601890

  • In the best path log message the switch reason is being shown as nh change instead of sla violated. PR1602571

  • The flowd process might stop if the DNS-inspection feature is enabled by configuring SMS policy. PR1604773

  • Memory leak at the useridd process might be observed when integrated user firewall is configured. PR1605933

  • When the tap mode is enabled, the packet on ge-0/0/0 is dropped on RX side. PR1606293

  • DNS proxy functionality might not work on VRRP interfaces. PR1607867

  • Enabling security-metadata-streaming-policy might cause Packet Forwarding Engine to stop.PR1610260

  • Interface might not come up when 10G port is connected to 1G SFP. PR1613475

Interfaces and Chassis

  • IPv4 or IPv6 address from the config on the interface may not be applied when the interface is moved from tenants to interface stanza in the configuration. PR1605250

Intrusion Detection and Prevention (IDP)

  • Custom attack IDP policies might fail to compile. PR1598867

  • IDP policy compilation is not happening when a commit check is issued prior to a commit. PR1599954

  • The srxpfe might stop while the IDP security package contains a new detector. PR1601380

  • Optimizations made to IDP that help improve its performance and behaviour under load. PR1601926

  • High Routing Enginer CPU usage occurs when routing-instance is configured under security idp security-package hierarchy level. PR1614013


  • J-Web may not display customer defined application services if one new policy is created. PR1599434

  • J-web application might stop and generates httpd process core files. PR1602228

  • Radius users might not be able to view or modify configuration through J-Web. PR1603993

  • On all SRX Series devices, some widgets in J-Web might not load properly for logical systems users. PR1604929

  • The J-Web error: "your session has expired. click ok to re-login" when using root user. PR1611448

Network Address Translation (NAT)

  • Incorrect IPv6 UDP checksum inserted after translation of packet from IPv4 to IPv6. PR1596952

Platform and Infrastructure

  • SPC3 might not come up after the system reboot. PR1555904

  • Junos OS: Upon receipt of specific sequences of genuine packets destined to the device the kernel will crash and restart (vmcore) (CVE-2021-0283, CVE-2021-0284). PR1595649

  • On SRX Series devices, the accounting and auditd process on secondary node does not work. PR1620564

Routing Policy and Firewall Filters

  • High CPU usage might be seen on some SRX Series devices. PR1579425

Routing Protocols

  • Short multicast packets drop using PIM when multicast traffic received at a non-RPT or SPT interface. PR1579452

User Interface and Configuration

  • After image upgrade device might fail to come up due to certain configurations. PR1585479


  • The iked process might restart and generate core during session state activation or deactivation. PR1573102

  • Memory leaks on the iked process on SRX5000 line of devices with SRX5K-SPC3 installed. PR1586324

  • The IPSec tunnel might not come up if configured with configuration payload in a certain scenario. PR1593408

  • The kmd process might crash when VPN peer initiates using source-port other than 500. PR1596103

  • Tail drops might occur on SRX Series devices if shaping-rate is configured on st-interface. PR1604039