Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues

Learn about the issues fixed in this release for SRX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Chassis Clustering

  • The Create Bearer Request might be dropped on SRX platforms PR1629672

  • MSISDN prepended with additional digits (for example "19") in the logs PR1646463

  • A hardware issue is detected on the RG-0 primary node's CP PR1651501

Flow-Based and Packet-Based Processing

  • The traffic might get lost when using dedicated HA fabric link PR1651836

  • Performance degradation might be observed when Express Path and PME are both enabled PR1652025

Intrusion Detection and Prevention (IDP)

  • 21.2R3:SRX345:vSRX3.0:Device is hanging while checking the cli " show security idp attack attack-list policy combine-policy" PR1616782


  • Significant performance improvements were made to JWeb in this release. PR1652676

  • Various page errors have been corrected in JWeb PR1658330

Platform and Infrastructure

  • Syslog message " %AUTH-3: warning: can't get client address: Bad file descriptor" is displayed at Jweb login.. PR1581209

  • Juniper Secure Client: traffic gets dropped during reaching JSC installed CLIENT from SERVER behind gateway in TCP path finder enabled VPN gateway PR1611003

  • VPLS interface fails to forward traffic on SRX platform PR1611400

  • Execute RSI on SRX5K platform with IOC2 card installed may trigger data plane failover PR1617103

  • Traffic might be dropped due to the TX queue memory leak on PCI interface PR1618913

  • On SRX Series devices running DNS Security, if a DGA was detected and the action in the configuration was set to 'permit', under rare circumstances, a log would not be generated by the device. PR1624076

  • 21.4R1:IPSEC:pkid.core-tarball found @ pkid_request_security_pki_local_cert_verify (msp=0x1abc940, csb=0xffffdb60, unparsed=0x1a7402e "certificate-id") at ../../../../../../../src/junos/usr.sbin/pkid/pkid_ui.c:1076 PR1624844

  • Reverse DNS Lookups will no longer be stored in the DNSF Cache when using DNS Security PR1631000

  • On SRX Series devices running DNS Security, a dataplane memory leak may occur within the DNSF plugin when entries age-out of the DNSF cache PR1633519

  • Dynamic-address feeds might not work PR1635705

  • 22.1R1:SRX-RIAD:vSRX3.0: SSL: RT:junos-ssl-term is not found in ssl-trace-new logs PR1640075

  • Traffic might be dropped due to the RX queue being full PR1641793

  • 22.1TOT : SnP :SRX5K_SPC3 : Observing Error "usp_ipc_client_recv_:ipc_pipe_read() " due to coredump,when checking "show security monitoring" cli command, in the latest 22.1(22.1I-20220108.0.0529) build. PR1641995

  • Flowd crash when back to back sigpack is updated at the time of stress traffic PR1642383

  • The SKY ATP integrated service might get impacted on SRX with LSYS PR1643373

  • 21.2R3 : Issue with the command "clear security idp counters packet-log logical-system all" PR1648187

  • The severity of AAMW and SMS' control and submission channel alarms have been reduced from 'major' to 'minor' to avoid triggering a chassis cluster failover in the event of an upstream network issue PR1648330

  • Fabric Board reset with an error message may be observed on certain Junos platforms PR1648850

  • 22.1R1:AUTH:unable to get the "firewall-authentication users" details on node 1 PR1651129

  • SMB File submissions to ATP cloud failed PR1653098

  • Certificate-based VPN tunnel is not established PR1655571

  • The fxp0 interface might remain 'UP' when the cable is disconnected PR1656738

  • Radius responses that take longer than 15 seconds can cause SRX to declare authentication failure PR1658833

Routing Protocols

  • Delay in BGP session establishment due to longer time for the listening task to be ready on all platforms running "rpd" PR1651211

Unified Threat Management (UTM)

  • New UTM Content-Filtering CLI is changing from seclog to log PR1634580

  • Modification of Content-Filtering rule order after JunOS 21.4 would not have the desired effect. PR1653488


  • The process "iked" crash might be seen for IKEv1 based VPN tunnels PR1608724

  • Fragmented packets might drop when PMI is enabled PR1624877

  • Severity is unknown at some IPSec syslog messages PR1629793

  • IPsec tunnel might stop processing traffic PR1636458

  • The IPSec tunnel via IPv6 might not establish after rebooting SRX devices PR1653704

  • The Juniper secure connect VPN users may face login issues intermittently PR1655140

  • The device enabled with FIPS mode and rebooted the system fails to boot PR1655355