Open Issues
Learn about open issues in this release for SRX Series devices.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
- Application Layer Gateways (ALGs)
- Chassis Clustering
- Flow-Based and Packet-Based Processing
- General Routing
- Routing Policy and Firewall Filters
- VPNs
Application Layer Gateways (ALGs)
-
FTPS connection to the server will not be successful until the first attempt is aborted and a new connection to the server is made. PR1715918
Chassis Clustering
-
10G DAC cable is not supported at CTL/FAB link at SRX4100/4200 Cluster setup. Hardware Compatibility Tool (https://apps.juniper.net/hct/home/) reports 10G DAC cables are as "supported", but CTL and FAB links are out of scope. - SRX-SFP-10GE-DAC-1M - SRX-SFP-10GE-DAC-3MPR1636365
-
DSCP remarking is required to classify BFD packets as high priority.PR1693457
Flow-Based and Packet-Based Processing
-
For accelerated flows such as Express Path, the packet or byte counters in the session close log and show session output take into account only the values that accumulated while traversing the NP. PR1546430
General Routing
-
In mac-os platforms when Juniper Secure Connect client connects successfully, the client is not getting minimized to tray icon and needs to be minimized manually.PR1525889
-
IPsec rekey fails when SRX is configured with kilobyte based lifetime in remote access solution. PR1527384
-
With ssl-proxy configured along with web-proxy, the client session might not get closed on the device until session timeout, even though the proxy session ends gracefully.PR1580526
-
All VPN traffic may internally drop during encryption / decryption processing in HW engine requiring Packet Forwarding Engine plane reset. PR1630981
-
SRX550HM interfaces LED of ge-0/0/6-9 will auto turn off after device bootup some minutes.PR1634965
-
SMTPS sessions are not getting identified when traffic is sent from IXIA (BPS) profile. PR1635929
-
Device does not drop session with server certificate chain more than 6.PR1663062
-
On SRX platforms using authentication-scheme (pass-through/web-auth/web-redir) and authentication sources (firewall-user/ldap/radius) do not display the complete user's group information because the display buffer for showing group names for an authentication entry is too small.PR1673125
-
For logical system, tenant logical interface with unit 0 and without VLAN tagging/ VLAN id can be created from Network>Connectivity>Interfaces. Same cannot be done from Logical system or tenant workflow.PR1676235
-
FIPS mode is not supported in this release for SRX devices.PR1697999
-
On SRX380, the Autonegotiation status on the 1G/10G ports may be incorrectly displayed as "Incomplete". This has no impact to traffic.PR1703002
-
On SRX platforms, log streaming to the security director cloud fails on TLS when DNS re-query is performed.PR1708116
-
On all Junos SRX platforms, when security log profile is added without a category or stream can cause the srxpfe to crash. Due to this there will be complete traffic loss.PR1708777
Routing Policy and Firewall Filters
-
On SRX platforms configured with security policies, having huge number approx. 15 thousand of addresses and performing addition/deletion of such policies in short intervals of time might result in srxpfe process crash and hence, datapath traffic gets impacted. PR1725567
VPNs
-
In some scenarios, the kmd core might be seen when all VPNs are down. PR1336368
-
Tunnel debugging configuration is not synchronized to the backup node. It needs to be configured again after RG0 failover. PR1450393
-
First time when we add this command the existing active connections are not changed, only the new connection after this command will be taken into effect. PR1608715