Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues

Learn about the issues fixed in this release for vSRX.

Flow-Based and Packet-Based Processing

  • Traffic in the power mode still passthrough when the ingress logic interface is manually disabled. PR1604144

Intrusion Detection and Prevention (IDP)

  • SRX Series devices pause when the show security idp attack attack-list policy combine-policy command is executed. PR1616782


  • J-Web might only allow certain types of interfaces to be added in a routing instance. PR1637917

  • Significant performance improvements were made to J-Web. PR1652676

Platform and Infrastructure

  • Tag "RT_FLOW_SESSION_XXX" is missing in stream mode. PR1565153

  • PKID core during auto-re-enrollment of CMPv2 certificates. PR1580442

  • Getting UNKNOWN instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages These messages can be seen in the RT-flow close log and these are due to JDPI not engaged for the session. This may affect the app identification for the web-proxy session traffic. PR1588139

  • During SaaS probing, due to race condition between APP entry addition and session processing, this core is seen. PR1622787

  • On SRX Series devices running DNS security, if a DGA was detected and the action in the configuration was set to permit, under rare circumstances, a log would not be generated by the device. PR1624076

  • Signature package update might fail and the AppID process might stop on SRX Series devices. PR1632205

  • On SRX Series devices running DNS Security, a dataplane memory leak might occur within the DNSF plugin when entries age-out of the DNSF cache. PR1633519

  • Application group name is not found for micro applications in CLI show output. PR1640040

  • The junos-ssl-term is not found in ssl-trace-new logs. PR1640075

  • The Packet Forwarding Engine process might pause on SRX Series devices. PR1642914

  • Certificate based VPN tunnel is not established. PR1655571

Subscriber Access Management

  • Same set of ciphers used in all 3 cipher categories low or medium or strong. PR1646260

Unified Threat Management (UTM)

  • New UTM content filtering CLI is changing from seclog to log. PR1634580

  • Modification of content filtering rule order after Junos OS release 21.4 would not have the desired effect. PR1653488

  • Web browser traffic might get blocked when matched to the content filtering rule with file-types 7z. PR1656266

User Interface and Configuration

  • In an SRX Series devices with chassis cluster and VPN configuration, primary node in cluster might generate kmd core files in a loop when a commit fails with lock can not be taken on other node followed by another commit. PR1608718


  • Unable to set DynamoDB in HSM module. PR1599069

  • IPsec tunnel might stop processing traffic. PR1636458