Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues: 21.2R3

Flow-Based and Packet-Based Processing

  • On SRX Series devices using Unified Policies with IPv6, when attempting to reject certain dynamic-applications, the flowd process might generate core files. PR1601806

  • Cleartext fragments are not processed by flow. PR1620803

General Routing

  • When using log templates introduced in Junos OS release 21.1R1 with Unified Policies, logs were not generated in a predictable manner. A new construct has been added that allows you to define a default log profile set security log profile name default-profile command can be used to improve this behavior when multiple log profiles are defined. PR1570105

  • PKID core during auto-re-enrollment of CMPv2 certificates. PR1580442

  • Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages. PR1588139

  • When combining log profiles and unified policies RT_FLOW_SESSION_DENY logs were not being generated corrected. PR1594587

  • High CPU utilisation might be seen when Jflow sampling is configured on vSRX HA setup. PR1604775

  • vSRX might stop forwarding traffic 60 days after Junos upgrade due to the trial license expiring. PR1609551

  • For apps getting classified on first packet, the volume update syslog is not getting generated. PR1613516

  • The interface speed is limited to 1G on vSRX 2.0 even the speed is set as more than 1G. PR1617397

  • During SaaS probing, due to race condition between APP entry addition and session processing, this core is seen. PR1622787

  • On SRX Series devices running DNS security, if a DGA was detected and the action in the configuration was set to permit, under rare circumstances, a log would not be generated by the device. PR1624076

  • Running DNS on all SRX Series devices, a memory leak on Packet Forwarding Engine might occur. PR1624655

  • The application package installation might fail with error in SRX Series devices. PR1626589

  • vSRX3 on VMware ESXi versions 7.0u2 or 7.0u3 with i40e SR-IOV, traffic stopped after reboot. PR1627481

  • Resource errors in show interfaces extensive command output. PR1629986

  • On SRX Series devices running DNS Security, a dataplane memory leak may occur within the DNSF plugin when entries age-out of the DNSF cache. PR1633519

  • Application group name is not found for micro apps in CLI show output. PR1640040

  • The Packet Forwarding Engine might stop on Junos OS SRX Series devices. PR1642914


  • The failover process may become slow in a vSRX cluster if the gstatd process stops running. PR1626423

Interfaces and Chassis

  • Static route might not work on vSRX. PR1613430

Intrusion Detection and Prevention (IDP)

  • SRX Series devices pause while checking the CLI show security idp attack attack-list policy combine-policy command. PR1616782


  • J-Web might only allow certain types of interfaces to be added in a routing-instance. PR1637917

Routing Protocols

  • The rpd process might generate core files due to memory corruption. PR1599751

  • Memory leak in global data shm process might lead to traffic outage. PR1626704

User Interface and Configuration

  • A low privileged user can elevate their privileges to the ones of the highest privileged J-Web user logged in. PR1593200


  • Unable to set DynamoDB in HSM module. PR1599069

  • The process kmd might stop if the ike gateway is configured with two IP address. PR1626830