Open Issues
Learn about open issues in Junos OS Release 21.4R2 for SRX Series Gateways.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
- Chassis Clustering
- Flow-Based and Packet-Based Processing
- Interfaces and Chassis
- Network Address Translation (NAT)
- Platform and Infrastructure
- VLAN Infrastructure
- VPNs
Chassis Clustering
Flow-Based and Packet-Based Processing
-
For accelerated flows such as Express Path, the packet or byte counters in the session close log and show session output take into account only the values that accumulated while traversing the NP. PR1546430
Interfaces and Chassis
-
Traffic drop might be seen on irb interface on SRX1500 devices for network control forwarding class when verifying dscp classification based on single and multiple code-points. PR1611623
Network Address Translation (NAT)
-
In AA mode with NAT configuration, on RG failover, traffic getting dropped on SRX Series devices. PR1636596
Platform and Infrastructure
-
In macOS platforms, when the client connects successfully, the client is not getting minimized to the tray icon and it stays connected and you need to manually minimize it. PR1525889
-
HTTP sessions takes approximately 10 minutes to re-establish after a link flap between hub and spoke. PR1577021
-
With SSL proxy configured along with Web proxy, the client session might not closed on the device even though proxy session ends gracefully. PR1580526
-
On SRX Series devices, if the SNMP packet (traps or polls) has to cross multiple routing-instances, it will cause the packet to be dropped due to incorrect routing-instance ID added by SRX Series devices.PR1616775
-
The pkid process pause due to null pointer dereferencing during local certificate verification in some cases. PR1624844
-
For LTE interfaces (dl0, cl-*) on security devices, configured in a High Availability cluster mode if redundancy failover is performed then user might lose connection to the internet. If redundancy failover is not performed then no issue is seen. PR1625125
-
On the SRX4100 and SRX4200 platforms, it can detect DPDK Tx stuck issue and trigger a major chassis alarm goes which might trigger RG1 failover to the healthy node. A DPDK reset will be triggered only to the stuck port and if the reset resolves the tx stuck issue.PR1626562
-
LACPD generates core files sometimes when member links are swapped between two reth bundle using rollback operation given that prior to rollback each of the bundle already has maximum number of child links. PR1632371
-
SMTPS sessions are not getting identified when traffic is sent from IXIA (BPS) profile. PR1635929
-
The remote-access-juniper-std license might not get freed up while disconnect or reconnect after RG0 failover. PR1642653
-
The AAMW action log are not observed when setting log-notifications sometimes. PR1644000
-
Authentication entries will not be synchronized to secondary node in the HA setup and when switchover happens, already established authentication sessions will be lost and clients will have to login again with authentication credentials. PR1651129
-
The firewall authentication with user firewall based RADIUS access has system logs missing the username and rule. PR1654842
VLAN Infrastructure
-
For SOF Layer 2 secure wire session, if the macOS move happen on an existing offloaded session, the packet sent out by SRX Series devices will carry old macOS address and causing traffic drop on end user. PR1597681
VPNs
-
On SRX5400, SRX5600, and SRX5800 devices, during in-service software upgrade (ISSU), the IPsec tunnels flap, causing a disruption of traffic. The IPsec tunnels recover automatically after the ISSU process is completed. PR1416334
-
In some scenarios, the SRX5000 line of devices might show obsolete IPsec SA and NHTB entry even when the peer tear down the tunnel. PR1432925
-
Tunnel debugging configuration is not synchronized to the backup node. It needs to be configured again after RG0 failover. PR1450393
-
IPsec rekey fails when the SRX Series device is configured with kilobyte-based lifetime in remote access solution. PR1527384
-
First time when we add this command the existing active connections are not changed, only the new connection after this command will be taken into effect. PR1608715
-
Fragment packets through policy based IPsec tunnel could be dropped in some rare case when PMI is enabled. PR1624877