Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Open Issues

Learn about open issues Junos OS Release 21.2R3 for SRX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Flow-Based and Packet-Based Processing

  • Use 512 antireplay window size for IPv6 in fat-tunnel. The ESP sequence check might otherwise report out-of-order packets if the fat-tunnel parallel encryption is within 384 packets (12 cores * 32 packets in one batch). Hence there are no out-of-order packets with 512 antireplay window size. PR1470637

  • For accelerated flows such as Express Path, the packet or byte counters in the session close log and show session output take into account only the values that accumulated while traversing the NP. PR1546430

General Routing

  • In Dual CPE scenario, after RG0 failover, the best path link status shows as PARTIAL SLA VIOLATED instead of SLA MET due to active probe result gone wrong in certain scenarios. PR1565777

  • When the device is downgraded to a release earlier than Junos OS Release 21.1 and then upgraded again to Junos OS Release 21.1, the appiddb tables might not get populated properly and have 0 entries. For such cases, after upgrading, uninstall and reinstall signature package. PR1567199

  • With the Application-Based Multipath Routing enabled, HTTP sessions take approximately 10 minutes to re-establish after a link flap between hub and spoke. PR1577021

  • With ssl-proxy configured along with web-proxy, the client session might not closed on the device even though proxy session ends gracefully. PR1580526

  • HA AP mode on-box logging in LSYS and Tenant, Intermittently Security log contents of binary log file in LSYS are not as expected. PR1587360

  • On SRX Series devices, when firewall authentication is configured with pass-through traffic for http or https with user firewall, SRX Series devices will delete the authentication entries post 10 seconds to avoid re-authentication. PR1588241

  • Unexpected port value 0 is seen instead of undefined. PR1589598

  • On SRX345 device, the icmp checksum error and packet drops are observed while doing rapid ping on vdsl interface with MTU 1514. PR1591230

  • There is a behaviour change in AppTrack logs, by default logs are disabled. PR1591966

  • In Junos OS releases 20.3 R3, 20.4R3 and 21.1R2, sometimes on reboot schedule-report are not getting generated. PR1594377

  • For Junos OS releases 20.3R3, 20.4R3, 21.1R2, 21.2R1, phone home ZTP is failing on SRX Series devices as phone home client is unable to connect to Phone Home Server or Redirect Server. PR1598462

  • Intermittently the trace messages are not logged on sending multicast traffic. PR1598930

  • The issue is when we enable TCP path finder in the VPN gateway, VPN connection is established properly. After VPN connection is established, able to ping from JSC installed CLIENT to SERVER behind gateway, but unable to ping from SERVER behind gateway to Juniper Secure Connect installed CLIENT. PR1611003

  • On SRX Series device with a sig-pack update, if any application is moved to depricated and if that application was part of any custom group, signature upgrade might fail. Due to this sometimes the appid process might stop. PR1632205

  • LACPD generates core files sometimes when member links are swapped between two reth bundle using rollback operation given that prior to rollback each of the bundle already has maximum number of child links. PR1632371

  • SMTPS sessions are not getting identified when traffic is sent from IXIA (BPS) profile. PR1635929

  • The remote-access-juniper-std license might not get freed up while disconnect or reconnect after RG0 failover. PR1642653

Interfaces and Chassis

  • Traffic drop might be seen on irb interface on SRX1500 device for network control forwarding class when verifying dscp classification based on single and multiple code-points. PR1611623

Intrusion Detection and Prevention (IDP)

  • On SRX Series devices, it is unable to use latest signature pack due to IDP DB failing to update. PR1594283

J-Web

  • The Firefox browser displays an unsaved changes error message in the J-Web basic settings page if the autofill logins and passwords option is selected under the browser privacy and security settings. PR1560549

  • UI lists the IPsec VPNs information for uncommitted IPsec VPNs configuration under Monitor -> Netwrok -> IPsec VPN. PR1576609

  • For Dynamic VPN configuration, topology is shown as 'Site to Site / Hub and Spoke' under Monitor -> Network -> IPsec VPN page. PR1597889

Platform and Infrastructure

  • The commit synchronize command fails because the kernel socket gets stuck. PR1027898

  • On SRX Series devices, if the SNMP packet (traps or polls) has to cross multiple routing-instances, it will cause the packet to be dropped due to incorrect routing-instance ID added by SRX. PR1616775

  • The device will be unavailable while performing FIPS 140-2/FIPS 140-3 level 2 internal test on FreeBSD 12 based Junos OS platforms. PR1623128

Routing Policy and Firewall Filters

  • If tunnel inspection policies are defined, VXLAN sessions are not getting established. PR1604625

Routing Protocols

  • The fwauthd core files might be observed when upgrading to Junos OS 21.2R1 release. PR1588393

Unified Threat Management (UTM)

  • There is no counter for juniper-local default action. PR1570500

User Interface and Configuration

  • On all Junos OS and Junos OS Evolved devices, when copy-config, get-configuration, and discard-change RPCs run in two parallel NETCONF sessions and the database is also accessed in parallel by two NETCONF sessions, it leads to database corruption and mgd-related services might crash. PR1641025

VPNs

  • On SRX5400, SRX5600, and SRX5800 devices, during in-service software upgrade (ISSU), the IPsec tunnels flap, causing a disruption of traffic. The IPsec tunnels recover automatically after the ISSU process is completed. PR1416334

  • On SRX5000 line of devices, in some scenario, the device output might display obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925

  • An IPsec policy must not have both ESP and AH proposals. The configuration will commit, but the IPsec traffic will not work. Do not configure an IPsec policy with proposals using both ESP and AH protocols. PR1552701