Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues

Learn about the issues fixed in this release for SRX Series.

Application Layer Gateways (ALGs)

  • Junos OS: SRX 5000 Series: Upon processing of a specific SIP packet an FPC can crash (CVE-2023-22408) PR1658604

  • SIP 200 OK(INVITE) response packets are dropped leading to SIP Call failure PR1677554

  • SIP calls are getting dropped due to NAT failure and SIP ALG is enabled PR1686613

Chassis Clustering

  • Policy configured with condition route-active-on import is not working properly after RG0 failover. PR1686648

  • Chassis cluster IP monitoring on the secondary node failed after the system reboot on the SRX platforms. PR1691071

  • GTPv2 message filtering not working. PR1704472

Class of Service (CoS)

  • "show interfaces queue interface" command output not correctly displaying bps values for throughput higher than 4.25Gbps PR1596172

Flow-Based and Packet-Based Processing

  • 22.2R1:SRX5K:SD-WAN: To track RE and PFE sync issue with NAT configs and closed scan session counter issue PR1661796

  • In SD-WAN the association between VRF instance and VRF group fails for ISSU from 19.2~21.1 to 22.2R1 PR1661935

  • The flow sessions traversing the IOC2 card would time out early when Express Path is enabled PR1688658

  • SOF was incorrectly offloading short-lived flows leading to early exhaustion of NP memory, reducing overall device performance PR1692100

  • The PMI mode IPSEC tunnel on SRX4100/4200/4600, vSRX, and SRX5K with SPC3 card will core when the route is changed frequently PR1705996


  • All the security policies on Junos SRX platforms can get deleted while trying to delete any particular policy via J-Web PR1681549

Network Address Translation (NAT)

  • MNHA: Incorrectly a warning is thrown at commit check for Source NAT config when the source-address or destination-address of the NAT rule is set as PR1699407

Network Management and Monitoring

  • High logging rate may cause 'eventd' to increase RE CPU utilization PR1661323

Platform and Infrastructure

  • SMS Channel Down alarm on primary node of HA pair after upgrade PR1629972

  • 21.3R2:SRX_RIAD:srx1500,srx4200:SKYATP:IMAP/IMAPS Email permitted counter is not incremented in AAMW email statistics while testing whole email block. PR1646661

  • Packet loss might be seen on SRX4100 and SRX4200 devices from 20.2R2 PR1650112

  • Split tunneling feature will not work PR1655202

  • Archived files created by non-root users may not include some files PR1657958

  • SRX4600 platforms in split brain scenario post ISSU PR1658148

  • show fwauth user details is not displaying group information PR1659115

  • PR : monitored IP addresses for a redundancy group are reachable despite removing the redundant Ethernet interface from a zone PR1668532

  • Traffic loss seen due to SPC3's packets getting stuck PR1671649

  • VPN tunnel will not be established in exclusive client scenario PR1674522

  • Netbios traffic (IRB broadcast) is getting dropped post upgrade on the SRX platform PR1675853

  • PKID process crashes when validating the certificate chain of a certificate PR1679067

  • Dial-on-demand mode on the dialer interface is not working as expected PR1680405

  • "%DAEMON-4: Set system alarm failed: Operation not supported by device" message is seen on high end SRX PR1681701

  • SRX4600HA might not failover properly due to a hardware failure PR1683213

  • "NSD_CLEAR_POLICY_DNS_CACHE_ENTRY_IP" log is not found on the device after keeing DNS cache entry unchanged PR1684268

  • The cluster fabric link will be down post reboot of node or power cycle PR1684756

  • The user authentication page is not rendering on the client browser PR1685116

  • unexpected default event-rate value for event mode logging PR1687244

  • The chassis cluster will not respond to DNS queries when configured with DNS proxy service PR1688481

  • The system may crash when Jflow inactive timeout is configured to be less than 'previous flow-inactive-timeout + 180' seconds PR1688627

  • SNMP MIB walk for jnxBoxDescr OID returns incorrect value PR1689705

  • SRX cluster may fail in a rare scenario when node status changes to disabled state without going through the ineligible state PR1692611

  • Fabric monitoring suspension and control link failure may cause HA cluster outage PR1698797

  • The process srxpfd/ flowd will crash on SRX devices PR1694449

Routing Policy and Firewall Filters

  • SRX stops refreshing the FQDNs used in the security policies and NAT PR1680749

Routing Protocols

  • High CPU is seen on the platforms running IPv6 PR1677749

User Interface and Configuration

  • IPSec tunnel will flap post MNHA configuration commit PR1669104

VLAN Infrastructure

  • Traffic Stops when the mac address of a node changes in L2 secure-wire SOF PR1597681

  • OSPF neighbor won't establish under Transparent mode when neighborship across different zone PR1599891


  • Traffic over IPSec tunnels may be dropped during ISSU PR1416334

  • 19.2TH:VPN:SRX5600: While verifying "show security ipsec next-hop-tunnels" output in device the IPsec SA and NHTB entry is not getting cleared after configuring firewall filter PR1432925

  • Packets traversing through a policy-based VPN get dropped when PowerMode is enabled PR1663364

  • The kmd crash is seen if the external-interface is empty in the IKE gateway configuration PR1664910

  • Master-encryption-password is not accessible when system is in FIPS mode PR1665506

  • VPN traffic loss is seen after HA node reboot while using traffic selectors PR1667223

  • High Control Plane CPU utilisation while the kmd process is stuck after the core file PR1673391

  • 22.4R1:SRX_RIAD:srx5600:MN_HA:ike cookies didn't change in rekey lifetime expire cases after manual failover PR1690921