Resolved Issues: 21.4R3

MSISDN prepended with additional digits (for example "19") in the logs PR1646463

A hardware issue is detected on the RG-0 primary node's CP PR1651501

GTP control packets might be incorrectly dropped/passed if there is more than one APN IMSI filter configured PR1673879

The traffic might get lost when using dedicated HA fabric link PR1651836

Performance degradation might be observed when Express Path and PME are both enabled PR1652025

The gre-performance-acceleration might cause VPLS traffic drop PR1661409

vSRX not processing fragmented packets PR1668898

22.2TOT :SecPDT:Unified L4/L7 Use Case Sky ATP: reth1 interface down and DCD cores observed on node1 during test on 22.2TOT image PR1657021

The flowd core might be observed when IDP policy rulebase changes PR1657056

Significant performance improvements were made to JWeb in this release. PR1652676

Various page errors have been corrected in JWeb PR1658330

The NAT ports exhaust when address-pooling pair is configured in SRX devices PR1651939

Syslog message " %AUTH-3: warning: can't get client address: Bad file descriptor" is displayed at Jweb login.. PR1581209

Juniper Secure Client: traffic gets dropped during reaching JSC installed CLIENT from SERVER behind gateway in TCP path finder enabled VPN gateway PR1611003

VPLS interface fails to forward traffic on SRX platform PR1611400

Execute RSI on SRX5K platform with IOC2 card installed may trigger data plane failover PR1617103

Traffic might be dropped due to the TX queue memory leak on PCI interface PR1618913

21.4R1:IPSEC:pkid.core-tarball found @ pkid_request_security_pki_local_cert_verify (msp=0x1abc940, csb=0xffffdb60, unparsed=0x1a7402e "certificate-id") at ../../../../../../../src/junos/usr.sbin/pkid/pkid_ui.c:1076 PR1624844

Traffic might be dropped due to the RX queue being full PR1641793

Junos OS: RIB and PFEs can get out of sync due to a memory leak caused by interface flaps or route churn (CVE-2022-22209) PR1642172

Flowd crash when back to back sigpack is updated at the time of stress traffic PR1642383

The severity of AAMW and SMS' control and submission channel alarms have been reduced from 'major' to 'minor' to avoid triggering a chassis cluster failover in the event of an upstream network issue PR1648330

22.1R1:AUTH:unable to get the "firewall-authentication users" details on node 1 PR1651129

The control link may not come up during the reboot PR1654838

Certificate-based VPN tunnel is not established PR1655571

The fxp0 interface might remain 'UP' when the cable is disconnected PR1656738

22.2R1:: MISC:: mspmand core found @sarena_free @mum_free @jsf_shm_free @jssl_mem_pool_free @jsf_openssl_free @CRYPTO_free @ssl_cert_free @jssl_config_dtor @msvcs_plugin_send_control_rt PR1657027

Radius responses that take longer than 15 seconds can cause SRX to declare authentication failure PR1658833

SRX alarming "SMS control channel down" without SMS feature configured PR1666420

The flowd crash might occur when AAMW (Advanced-Anti-Malware) encounters a memory leak PR1675722

The utility 'monitor security packet-drop' now correctly reports policy-related drops for unified policy (includes the exact policy that dropped the packet) PR1576150

Security policy state may be invalid on SRX platforms PR1669386

The rpd process crashes whenever it is getting shut down with router reboot, rpd restart, RE switchover, software upgrade PR1670998

Delay in BGP session establishment due to longer time for the listening task to be ready on all platforms running "rpd" PR1651211

The BSR information might not be flooded over NG-MVPN PR1664211

New UTM Content-Filtering CLI is changing from seclog to log PR1634580

Modification of Content-Filtering rule order after JunOS 21.4 would not have the desired effect. PR1653488

IPSec tunnel will flap post MNHA configuration commit PR1669104

"gethostbyname: Host name lookup failure" is displayed during commit PR1673176

The configuration change in SRG-1 might cause HA link encryption tunnel flap PR1598338

Fragmented packets might drop when PMI is enabled PR1624877

21.4Th :SPC3-Config payload :Tunnel bringing up failed from strongswan when changing the configuration IKE in VR and observed the " NO_PROPOSAL_CHOSEN notify error" message PR1627963

Severity is unknown at some IPSec syslog messages PR1629793

[SNMP] Whenever snmp get request is performed with multiple OIDs and a few OID requests are for invalid tunnels (tunnels which are not present), ?No Such Instance currently exists at this OID? is received even for valid tunnels. PR1632932

IPsec tunnel might stop processing traffic PR1636458

The IPSec tunnel via IPv6 might not establish after rebooting SRX devices PR1653704

The Juniper secure connect VPN users may face login issues intermittently PR1655140

Packets traversing through a policy-based VPN get dropped when PowerMode is enabled PR1663364

IPSec tunnels may flap on SRX platforms PR1665332

High Control Plane CPU utilisation while the kmd process is stuck after the core file PR1673391