Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Resolved Issues

Learn about the issues fixed in this release for SRX Series.

Chassis Clustering

  • MSISDN prepended with additional digits in the logs. PR1646463

  • Failover might not happen correctly in a chassis cluster when there is a hardware issue with the Central Point. PR1651501

  • In the MNHA SRG scenario on the IPv6 switching mode, not using Virtual MAC as the source MAC address for G-NDP. PR1670309

  • GTP control packets might be incorrectly dropped or passed if there is more than one APN IMSI filter configured. PR1673879

Flow-Based and Packet-Based Processing

  • The traffic might get lost when using dedicated HA fabric link. PR1651836

  • Performance degradation might be observed when Express Path and PME are both enabled. PR1652025

  • The gre-performance-acceleration might cause VPLS traffic drop. PR1661409

  • vSRX not processing fragmented packets. PR1668898

Interfaces and Chassis

  • The redundant Ethernet1 interface down and DCD generates cores files on node1. PR1657021

Intrusion Detection and Prevention (IDP)

  • The flowd process might generate core files when IDP policy rulebase changes. PR1657056

J-Web

  • Significant performance improvements were made to J-Web in this release. PR1652676

  • Various page errors have been corrected in J-Web. PR1658330

Platform and Infrastructure

  • Syslog message %AUTH-3: warning: can't get client address: Bad file descriptor is displayed at J-Web login. PR1581209

  • Juniper Secure Client traffic gets dropped during reaching JSC installed client from server behind gateway in TCP path finder enabled VPN gateway. PR1611003

  • VPLS interface fails to forward traffic on SRX Series devices. PR1611400

  • Execute RSI on SRX5000 line of devices with IOC2 card installed may trigger data plane failover. PR1617103

  • Traffic might be dropped due to the TX queue memory leak on PCI interface. PR1618913

  • The PKID process stops due to null pointer dereferencing during local certificate verification in some cases. PR1624844

  • A major alarm DPDK Tx stuck issue of SRX4100 and SRX4200 devices. PR1626562

  • The show commands to display DNS cache summary, display only DNS cache C2 entries and display only DNS cache benign entries are needed. PR1631002

  • On Junos platforms kernel panic might be seen during the boot sequence. PR1638923

  • The junos-ssl-term is not found in ssl-trace-new logs. PR1640075

  • Traffic might be dropped due to the RX queue being full. PR1641793

  • Observing Error usp_ipc_client_recv_:ipc_pipe_read() due to core file,when checking show security monitoring CLI command. PR1641995

  • The flowd process might stop when back to back sigpack is updated at the time of stress traffic. PR1642383

  • On Juniper Secure Connect the remote-access-juniper-std license not getting freed up while disconnect or reconnect after RG0 failover. PR1642653

  • The IMAP or IMAPS email permitted counter is not incremented in AAMW email statistics. PR1646661

  • The severity of AAMW and SMS control and submission channel alarms have been reduced from major to minor to avoid triggering a chassis cluster failover in the event of an upstream network issue. PR1648330

  • Unable to get the firewall-authentication users details on node 1. PR1651129

  • SMB file submissions to ATP cloud failed. PR1653098

  • The control link might not come up during the reboot. PR1654838

  • Certificate based VPN tunnel is not established. PR1655571

  • The fxp0 interface might remain UP when the cable is disconnected. PR1656738

  • When service-set is configured with syslog and SSL, mspmand process might generate core files and might cause traffic disruption. PR1657027

  • Radius responses that take longer than 15 seconds can cause SRX Series devices to declare authentication failure. PR1658833

  • The configuration might roll back after performing commit confirmed and then reboot. PR1659783

  • Cache miss counter increments twice instead of one. PR1663678

  • SRX alarming SMS control channel down without SMS feature configured. PR1666420

  • Information about users groups is not displayed completely. PR1673125

  • The flowd process might stop when AAMW encounters a memory leak PR1675722

Routing Policy and Firewall Filters

  • The utility monitor security packet-drop now correctly reports policy-related drops for unified policy. PR1576150

  • Security policy state may be invalid on SRX Series devices. PR1669386

  • The rpd process might stop before software upgrade. PR1670998

  • SRX stops refreshing the FQDNs used in the security policies and NAT. PR1680749

Routing Protocols

  • Delay in BGP session establishment due to longer time for the listening task to be ready on all platforms running rpd process. PR1651211

  • The BSR information might not be flooded over NG-MVPN. PR1664211

Unified Threat Management (UTM)

  • UTM content filtering CLI is changing from seclog to log. PR1634580

  • Modification of content filtering rule order after Junos OS release 21.4 would not have the desired effect. PR1653488

User Interface and Configuration

  • The gethostbyname: hostname lookup failure is displayed during commit. PR1673176

VPNs

  • Fragmented packets might drop when PMI is enabled. PR1624877

  • Tunnel bringing up failed from strongswan when changing the configuration IKE in VR and observed the NO_PROPOSAL_CHOSEN notify error message. PR1627963

  • Severity is unknown at some IPsec syslog messages. PR1629793

  • Whenever SNMP get request is performed with multiple OIDs and a few OID requests are for invalid tunnels. PR1632932

  • IPsec tunnel might stop processing traffic. PR1636458

  • The IPsec tunnel through IPv6 might not establish after rebooting SRX Series devices. PR1653704

  • The Juniper secure connect VPN users may face login issues intermittently. PR1655140

  • The device enabled with FIPS mode and rebooted the system fails to boot. PR1655355

  • Packets traversing through a policy-based VPN get dropped when PMI is enabled. PR1663364

  • The IPsec tunnels may flap on SRX Series devices. PR1665332

  • The control plane CPU utilization might reach 100% while KMD process stuck after core files generated on SRX345 device. PR1673391