Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Open Issues

Learn about open issues in Junos OS Release 21.3R3 for vSRX.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Flow-Based and Packet-Based Processing

  • traffic in the power-mode still passthrough when the ingress logic interface is manually disabled PR1604144

  • The ICMPv6 tcp sequence info is missing in the icmp v6 error generated. PR1611202


  • adding a new VPN in CLI with J-Web logged in and user in dashboard page. to reflect the changes in dashboard, please do the workaround provided. Workaround: if out of band config changes (changes done in CLI), on refresh of dashboard widget changes will not be reflected until cache re-syncs. user has to navigate to some other menu or logout and login and come back where the cache sync will happen and latest data will be displayed. PR1589868

  • When ADVPN or Auto Connect VPN has more than one IPsev VPN connections, J-Web displays any one of the remote gateway's IP address as Remote IP in the VPN Monitoring widget PR1599027

Platform and Infrastructure

  • Under very rare conditions for HA cluster deployment, when it does RG0 failover and at same time, the control link is down, then it will hit this mib2d core because the master RE and secondary RE are out of syncing dcd.snmp_ix information. PR1571677

  • With ssl-proxy configured along with web-proxy, the client session might not closed on the device even though proxy session ends gracefully. PR1580526

  • Please turn on below configuration on vSRX when performance is a concern. With below configuration turn on, performance will be improved set security forwarding-options no-allow-dataplane-sleep PR1602564

  • The switch reason is being shown as nh change instead of sla violated in the best path log message. PR1602571

  • One needs to configure set security forwarding-options no-allow-dataplane-sleep for high traffic rate use cases. PR1602606

  • 21.3R1:advanced-anti-malware Hash feature is deprecated PR1604426

  • The device will be unavailable while performing FIPS 140-2 or FIPS 140-3 level 2 test on FreeBSD 12 based Junos OS platforms. PR1623128

  • AMR when it is enabled in non-cso v6 over v6 mode with IPSEC tunnels, the first session after reboot or forward restart, will not have multipath treatment, post that the feature works fine. PR1643570


  • When using Group VPN, in certain cases, the PUSH ACK message from the group member to the group key server may be lost. The group member can still send rekey requests for the TEK SAs before the hard lifetime expiry. Only if the key server sends any new PUSH messages to the group members, those updates would not be received by the group member since the key server would have removed the member from registered members list.PR1608290