Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Resolved Issues

Learn about the issues fixed in this release for SRX Series.

Application Layer Gateways (ALGs)

  • Junos OS: SRX 5000 Series: Upon processing of a specific SIP packet an FPC can crash (CVE-2023-22408) PR1658604

  • SIP 200 OK(INVITE) response packets are dropped leading to SIP Call failure PR1677554

  • SIP calls are getting dropped due to NAT failure and SIP ALG is enabled PR1686613

  • H.323 traffic failure caused by RAS packet drops when incorrect route lookup performed PR1688986

Chassis Clustering

  • New secondary node to go into a disabled state after ISSU and failover RG0 because of fabric link failure PR1678772

  • Policy configured with condition route-active-on import is not working properly after RG0 failover PR1686648

  • Chassis cluster IP monitoring on the secondary node failed after the system reboot on the SRX platforms PR1691071

  • The secure tunnel interface does not work properly in SRX standalone mode PR1702763

  • GTPv2 Message Filtering is not working PR1704472

Flow-Based and Packet-Based Processing

  • 22.2R1:SRX5K:SD-WAN: To track RE and PFE sync issue with NAT configs and closed scan session counter issue PR1661796

  • In SD-WAN the association between VRF instance and VRF group fails for ISSU from 19.2~21.1 to 22.2R1 PR1661935

  • The non-fragmented packets will get dropped on the SRX5K platforms with SPC3 card PR1683835

  • The flow sessions traversing the IOC2 card would time out early when Express Path is enabled PR1688658

  • SOF was incorrectly offloading short-lived flows leading to early exhaustion of NP memory, reducing overall device performance PR1692100

  • Application traffic drop seen on all SRX platforms due to TCP window size issue PR1699578

General Routing

  • SRX4600 - Packet drop or srxpfe coredump might be observed PR1620773

  • SRX5600/5800 - SNMP mib queries may result in occasional response timeouts PR1631149

  • 21.3R2:SRX_RIAD:srx1500,srx4200:SKYATP:IMAP/IMAPS Email permitted counter is not incremented in AAMW email statistics while testing whole email block. PR1646661

  • Split tunneling feature will not work PR1655202

  • Archived files created by non-root users may not include some files PR1657958

  • SRX4600 platforms in split brain scenario post ISSU PR1658148

  • PR : monitored IP addresses for a redundancy group are reachable despite removing the redundant Ethernet interface from a zone PR1668532

  • Traffic loss may be seen due to SPC3's packets getting stuck PR1671649

  • VPN tunnel will not be established in exclusive client scenario PR1674522

  • Netbios traffic (IRB broadcast) is getting dropped post upgrade on the SRX platform PR1675853

  • Dial-on-demand mode on the dialer interface is not working as expected PR1680405

  • SRX4600HA might not failover properly due to a hardware failure PR1683213

  • "NSD_CLEAR_POLICY_DNS_CACHE_ENTRY_IP" log is not found on the device after keeing DNS cache entry unchanged PR1684268

  • The cluster fabric link will be down post reboot of node or power cycle PR1684756

  • The user authentication page is not rendering on the client browser PR1685116

  • unexpected default event-rate value for event mode logging PR1687244

  • The chassis cluster will not respond to DNS queries when configured with DNS proxy service PR1688481

  • The system may crash when Jflow inactive timeout is configured to be less than 'previous flow-inactive-timeout + 180' seconds PR1688627

  • SNMP MIB walk for jnxBoxDescr OID returns incorrect value PR1689705

  • SRX1500 chassis cluster port ge-0/0/1 does not work in switching mode PR1690621

  • SRX cluster may fail in a rare scenario when node status changes to disabled state without going through the ineligible state PR1692611

  • The process srxpfd/ flowd will crash on SRX devices PR1694449

  • The flowd crash and core will be observed when TLS 1.3 session ticket is received on SSL-I PR1705044

Platform and Infrastructure

  • "%DAEMON-4: Set system alarm failed: Operation not supported by device" message is seen on high end SRX PR1681701

  • Fabric monitoring suspension and control link failure may cause HA cluster outage PR1698797

Routing Protocols

  • High CPU is seen on the platforms running IPv6 PR1677749

VPNs

  • Traffic over IPSec tunnels may be dropped during ISSU PR1416334

  • 19.2TH:VPN:SRX5600: While verifying "show security ipsec next-hop-tunnels" output in device the IPsec SA and NHTB entry is not getting cleared after configuring firewall filter PR1432925

  • The kmd crash is seen if the external-interface is empty in the IKE gateway configuration PR1664910

  • Master-encryption-password is not accessible when system is in FIPS mode PR1665506

  • VPN traffic loss is seen after HA node reboot while using traffic selectors PR1667223

  • Mismatch in configured and negotiated proxy-identity parameters can lead to KMD core. PR1699691