Resolved Issues

Secondary node in a chassis cluster might go into reboot loop on SRX Series devices. PR1606724

The Create Bearer Request might be dropped on SRX Series devices. PR1629672

Post a series of actions MNHA functionality might not be available despite the configuration presence. PR1638794

MSISDN prepended with additional digits in the logs. PR1646463

Failover might not happen correctly in a chassis cluster when there is a hardware issue with the Central Point. PR1651501

Packets might not be classified according to the CoS rewrite configuration. PR1634146

The process nsd might crash continuously due to failure in creating/reinitializing the file /var/db/ext/monitor-flow-cfg. PR1638008

The traffic might get lost when using dedicated HA fabric link. PR1651836

Performance degradation might be observed when Express Path and PME are both enabled. PR1652025

Members MAC might be different from parent reth0 interface, resulting loss of traffic. PR1583702

SRX Series devices pause when the show security idp attack attack-list policy combine-policy command is executed. PR1616782

Packet Forwarding Engine genrates core files on all Junos OS platforms. PR1634305

The reboot or halt from J-Web might fail on SRX series devices. PR1638370

Significant performance improvements were made to J-Web. PR1652676

Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL (CVE-2022-22156) PR1542229

DNS proxy service on SRX Series devices might stop working after commit operation is performed. PR1598065

New persistent NAT or normal source NAT sessions might fail due to noncleared aged out sessions. PR1631815

CFMD core files might be seen on SRX Series devices. PR1538173

The process pkid core files might be observed during local certificate enrollment. PR1573892

Syslog message %AUTH-3: warning: can't get client address: Bad file descriptor is displayed at J-Web login. PR1581209

BGP adjacency might not get established in Layer 2 IRB scenario. PR1582871

Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages These messages can be seen in the RT-flow close log and these are due to JDPI not engaged for the session. This might affect the application identification for the web-proxy session traffic. PR1588139

The issue is when we enable TCP path finder in the VPN gateway, VPN connection is established properly. After VPN connection is established, able to ping from JSC installed CLIENT to SERVER behind gateway, but unable to ping from SERVER behind gateway to Juniper Secure Connect installed CLIENT. PR1611003

Execute RSI on SRX5000 line of devices with IOC2 card installed may trigger data plane failover. PR1617103

The Layer 2 switching doesn't work as expected when running VRRP on IRB interface. PR1622680

On SRX Series devices running DNS Security, if a DGA was detected and the action in the configuration was set to permit, under rare circumstances, a log would not be generated by the device. PR1624076

PKID could stop and generate a core file when there was limited memory available on the Routing Engine. PR1624613

The PKID process stops due to null pointer dereferencing during local certificate verification in some cases. PR1624844

A major alarm DPDK Tx stuck issue of SRX4100 and SRX4200 devices. PR1626562

Error message gencfg_cfg_msg_gen_handler drop might be seen after running commit command. PR1629647

The srxpfe process might crash on SRX4600 device. PR1630990

Reverse DNS lookups will no longer be stored in the DNSF cache when using DNS security. PR1631000

The show commands to display DNS cache summary, display only DNS cache C2 entries and display only DNS cache begin entries are needed. PR1631002

Signature package update might fail and the AppID process might stop on SRX Series devices. PR1632205

Tasks of download manager might not be resumed post reboot. PR1633503

On SRX Series devices running DNS Security, a dataplane memory leak may occur within the DNSF plugin when entries age-out of the DNSF cache. PR1633519

IP monitor might install default route with incorrect preference value when multiple IP monitoring is configured. PR1634129

Most of the Dynamic Address Entries might report 0 IPv4 entries. PR1634881

The srxpfe process might stop while installing IDP sigpack with scaled traffic on SRX Series devices. PR1637181

Unable to connect to domain controller on installing Microsoft KB update. PR1637548

AppID installation failure on the secondary HA node in case of failover. PR1638588

The spcd process might stop during certain Linux based FPC card restart. PR1638975

The error is seen during the non ISSU upgrade from Junos OS release 15.1 to Junoe OS release 18.2 and later releases. PR1639610

Configuration change during AppQoS session might result in Packet Forwarding Engine stop with flowd process generates core file. PR1640768

Traffic might be dropped due to the RX queue being full. PR1641793

Observing Error usp_ipc_client_recv_:ipc_pipe_read() due to core file,when checking show security monitoring CLI command. PR1641995

The Packet Forwarding Engine process might pause on SRX Series devices. PR1642914

The ATP integrated service might get impacted on SRX Series devices with logical system. PR1643373

The on-box security logs might be not storing the session-id as a 64-bit integer, resulting in incorrect session-id's being present in the on-box logs. PR1644867

Issue with the command clear security idp counters packet-log logical-system all. PR1648187

The severity of AAMW and SMS control and submission channel alarms have been reduced from major to minor to avoid triggering a chassis cluster failover in the event of an upstream network issue. PR1648330

SCB reset with Error : zfchip_scan line = 844 name = failed due to PIO errors. PR1648850

Unable to get the firewall-authentication users details on node 1. PR1651129

SMB file submissions to ATP cloud failed. PR1653098

Certificate based VPN tunnel is not established. PR1655571

Radius responses that take longer than 15 seconds can cause SRX Series devices to declare authentication failure. PR1658833

Delay in BGP session establishment due to longer time for the listening task to be ready on all platforms running rpd. PR1651211

New UTM content filtering CLI is changing from seclog to log. PR1634580

Modification of content filtering rule order after Junos OS release 21.4 would not have the desired effect. PR1653488

In an SRX Series devices with chassis cluster and VPN configuration, primary node in cluster might generate kmd core files in a loop when a commit fails with lock can not be taken on other node followed by another commit. PR1608718

MGD core might be observed upon ISSU upgrade. PR1632853

Unable to access configure exclusive mode after mgd process is stopped. PR1641025

The configuration change in SRG-1 might cause HA link encryption tunnel flap. PR1598338

The process iked stop might be seen for IKEv1 based VPN tunnels. PR1608724

Fragmented packets might drop when PMI is enabled. PR1624877

Traffic loss over IPsec tunnel might be seen on SRX Series devices. PR1628007

IPsec tunnel might stop processing traffic. PR1636458

The kmd process might crash if the IKE negotiation fragment packets are missed during initiating an IKE SA rekey. PR1638437

IPsec tunnel through IPv6 won't establish after rebooting. PR1653704