Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues: 21.4R2

Authentication and Access Control

  • The authentication delay might occur upto 60 seconds if same user authenticates. PR1626667

Chassis Clustering

  • Secondary node in a chassis cluster might go into reboot loop on SRX Series devices. PR1606724

  • SPU might become offline on standby node after failover in SRX Series device chassis cluster. PR1624262

  • The Create Bearer Request might be dropped on SRX Series devices. PR1629672

  • BFD over high availability ICL link might flap. PR1631938

  • Post a series of actions MNHA functionality might not be available despite the configuration presence. PR1638794

Flow-Based and Packet-Based Processing

  • The services offload packets processed counter not incremented in security flow statistics. PR1616875

  • The flowd process might generate core files if route change or delete in PMI mode. PR1624707

  • Packets may not be classified according to the CoS rewrite configuration. PR1634146

  • The process nsd may stop continuously due to failure in creating or reinitializing the file /var/db/ext/monitor-flow-cfg. PR1638008

  • On SRX 4600 and SRX5000 line of devices running Junos OS release 21.3R1 or later, when Express Path and Power Mode Express Path (PME) are enabled at the same time, the sessions may not be properly offloaded to the Trio ASIC's and device performance may suffer as a result. PR1652025

General Routing

  • PKID core might occur during cert signature validation. This core is not very frequent and occurs due to memory corruption. PR1573892

  • The fxp0 interface of an SRX550 device in cluster might become unreachable from an external network. PR1575231

  • BGP adjacency might not get established in Layer 2 with IRB scenario. PR1582871

  • Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages These messages can be seen in the RT-flow close log and these are due to JDPI not engaged for the session. This may affect the app identification for the web-proxy session traffic. PR1588139

  • On Juniper Secure Client, the traffic gets dropped during reaching Juniper Secure Connect installed client from server behind gateway in TCP path finder enabled VPN gateway. PR1611003

  • Execute RSI on SRX5000 line of devices with IOC2 card installed may trigger data plane failover. PR1617103

  • On SRX Series devices using On-Box Logging, LLMD write failures may be seen under high load. The output of 'show security log llmd counters' can be used to view LLMD behaviour. PR1620018

  • The flowd process might crash on SRX/NFX in AppQoE scenarios PR1621495

  • The L2 switching doesn't work as expected when running VRRP on IRB interface PR1622680

  • On SRX Series devices running DNS Security, if a DGA was detected and the action in the configuration was set to 'permit', under rare circumstances, a log would not be generated by the device. PR1624076

  • In rare circumstances, PKID could crash and generate a core-file when there was limited memory available on the routing-engine PR1624613

  • Coredumps might be reported on installing IDP security package PR1625364

  • The flowd process lost heartbeat for 45 consecutive seconds without alarm raised PR1625579

  • The error might be seen after configuring a unified security policy allowing some app categories PR1628202

  • When viewing DNS Tunnel detections in the ATP Cloud portal, the Source-IP and Destination-IP metadata is reversed. PR1629995

  • Depending on the configuration of the SRX, duplicate events may have been written to the on-box logging database. This fix improves LLMD performance by eliminating these duplicate write events PR1630123

  • LLDP packets may be sent with incorrect source MAC for RETH/LAG child members PR1630886

  • The srxpfe process might crash on SRX4600 PR1630990

  • Reverse DNS Lookups will no longer be stored in the DNSF Cache when using DNS Security PR1631000

  • Signature package update may fail and the appid process may crash on SRX devices PR1632205

  • Tasks of download manager may not be resumed post reboot PR1633503

  • On SRX Series devices running DNS Security, a dataplane memory leak may occur within the DNSF plugin when entries age-out of the DNSF cache PR1633519

  • Most of the Dynamic Address Entries might report 0 IPv4 entries PR1634881

  • The srxpfe process might crash while installing IDP sigpack with scaled traffic on SRX platforms PR1637181

  • Unable to connect to domain controller on installing Microsoft KB update PR1637548

  • The spcd process might crash during certain Linux based FPC card restart PR1638975

  • The error is seen during the NON-ISSU upgrade from 15.1 to 18.2 and later releases PR1639610

  • Configuration change during AppQoS session might result in PFE crash with flowd core PR1640768

  • Traffic might be dropped due to the RX queue being full PR1641793

  • The pfe crash may occur on JUNOS SRX platforms PR1642914

  • The SKY ATP integrated service might get impacted on SRX with LSYS PR1643373

  • On-Box Security Logs might be not storing the session-id as a 64-bit integer, resulting in incorrect session-id's being present in the on-box logs PR1644867

  • 21.2R3 : Issue with the command "clear security idp counters packet-log logical-system all" PR1648187

Interfaces and Chassis

  • Members mac might be different from parent reth0 interface, resulting loss of traffic PR1583702

  • 21.4DCB SecPDT: SRX4600: dcd core at /.amd/svl-engdata5vs2/occamdev/build/freebsd/stable_12/20210819.161417__ci_fbsd_builder_stable_12.0.54769caa/src/lib/libc/i386/string/strncmp.S:69 PR1617881

Intrusion Detection and Prevention (IDP)

  • 21.2R3:SRX345:vSRX3.0:Device is hanging while checking the cli " show security idp attack attack-list policy combine-policy" PR1616782


  • After a HA cluster is created, you are unable to edit it in J-Web PR1636237

  • reboot/halt from J-web may fail on SRX series platforms PR1638370

  • Significant performance improvements were made to JWeb in this release. PR1652676

Network Address Translation (NAT)

  • DNS proxy service on SRX devices may stop working after commit operation is performed PR1598065

  • New persistent NAT or normal source NAT sessions might fail due to noncleared aged out sessions PR1631815

Platform and Infrastructure

  • The ppmd process might crash after an upgrade on SRX platforms PR1335526

  • Error message "gencfg_cfg_msg_gen_handler drop" might be seen after running commit command PR1629647

  • IP monitor may install default route with incorrect preference value when multiple IP monitoring is configured PR1634129

  • SCB reset with Error : zfchip_scan line = 844 name = failed due to PIO errors PR1648850

Routing Protocols

  • Observing commit error while configuring "routing-options rib inet6.0 static" on all Junos platforms PR1599273

Unified Threat Management (UTM)

  • New UTM Content-Filtering CLI is changing from seclog to log PR1634580

User Interface and Configuration

  • MGD core might be observed upon ISSU upgrade PR1632853


  • The configuration change in SRG-1 might cause HA link encryption tunnel flap PR1598338

  • The process "iked" crash might be seen for IKEv1 based VPN tunnels PR1608724

  • Uneven IPSEC tunnel distribution might be seen post tunnels re-establishment PR1615763

  • Traffic over IPSec tunnels may be dropped post control link failure PR1627557

  • Traffic loss over IPSEC tunnel might be seen on SRX platforms PR1628007

  • SRX devices generates core dump after upgrading to any release PR1628947

  • On all SRX products, when nat traversal is configured and working for an ipsec tunnel, there is a chance that the tunnel might stop processing packets after a rekey PR1636458

  • The kmd process might crash if the IKE negotiation fragment packets are missed during initiating an IKE SA rekey PR1638437