Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Resolved Issues

Learn about the issues fixed in this release for SRX Series.

Application Layer Gateways (ALGs)

  • H.323 traffic failure caused by RAS packet drops when incorrect route lookup performed PR1688986

Authentication and Access Control

  • Connection fails are observed on Junos despite a valid auth entry PR1692398

Chassis Clustering

  • New secondary node to go into a disabled state after ISSU and failover RG0 because of fabric link failure PR1678772

  • The secure tunnel interface does not work properly in SRX standalone mode PR1702763

  • GTPv2 Message Filtering is not working PR1704472

  • From 20.4 onwards,St0.16000 to st0.16385 will not be allowed to be configured in HA and MNHA mode PR1704670

Flow-Based and Packet-Based Processing

  • The non-fragmented packets will get dropped on the SRX5K platforms with SPC3 card PR1683835

  • VPN logs in monitor hierarchy on j-web not being seen. PR1691095

  • Packet loss is observed for IPSec sessions when PMI is enabled PR1692885

  • Application traffic drop seen on all SRX platforms due to TCP window size issue PR1699578

  • Core dump will be seen when user is changing interface configuration PR1704623

  • A flowd process crash is seen on SRX4100/4200/4600, vSRX, and SRX5K with SPC3 card when a route is changed frequently PR1705996

  • The IPv6 source-level fragmented SCTP packets passing through an IPSec tunnel will be dropped PR1708876

General Routing

  • HA AP mode on-box logging in LSYS and Tenant: Security log verification is failing as the contents of binary log file in LSYS are not as expected PR1587360

  • SRX4600 - Packet drop or srxpfe coredump might be observed PR1620773

  • SRX5600/5800 - SNMP mib queries may result in occasional response timeouts PR1631149

  • No system or chassis alarm will be seen when device booting from backup partition PR1646943

  • SRX4600HA might not failover properly due to a hardware failure PR1683213

  • SRX1500 chassis cluster port ge-0/0/1 does not work in switching mode PR1690621

  • IPSEC tunnel is not getting established back after the execution of 'clear security ike sa' PR1694604

  • The user-id entries will not be synced with secondary node PR1701990

  • TCP packet drops are seen when services-offload is enabled PR1702138

  • The flowd crash and core will be observed when TLS 1.3 session ticket is received on SSL-I PR1705044

  • TX would be stuck and no packet can be transferred by the SPC3 card PR1706756

  • The ECDSA certificate based websites are not accessible when the SSL proxy is enabled from 22.1R1 onwards PR1709386

  • SRX4600 doesn't support ae interfaces PR1711467

  • The 'targeted-broadcast' feature will not work on some SRX platforms. PR1711729

  • Continuous vmcores observed on the secondary node when committing set system management-instance command PR1712727

  • Continuous vmcores observed on the secondary node when committing the "set system management-instance" command PR1713759

  • The SSL session drops because of the wrong SNI value PR1716893

  • The flowd process crash is observed when the web proxy packet reinjection fails PR1719703

  • ISSU is aborted after one node upgrade and flowd process crash is observed PR1722122

Interfaces and Chassis

  • SRX1500: Traffic fail seen on irb interface for network control forwarding class when verifying dscp classification based on single and multiple code-points PR1611623

  • Incompatible/unsupported configuration is not getting validated correctly during ISSU/normal upgrade causing the traffic loss PR1692404

Intrusion Detection and Prevention (IDP)

  • Network outage caused during change in IDP policy PR1705491

J-Web

  • [Jweb] "address-book address-book name attach zone" is unexpectedly removed when address-book entry is added or removed by Jweb PR1712454

Layer 2 Ethernet Services

  • DHCPv6 client options missing in solicit messages if TLV's exceeds a certain length PR1702831

Network Address Translation (NAT)

  • ICMP based traceroute is not showing any hops after SRX when SRX is configured with NAT64 PR1706541

  • Some sessions will not be deleted when the NAT rule is deleted from the system PR1712738

Network Management and Monitoring

  • source-address on syslog at custom routing-instance not applied right after rebooting PR1689661

Platform and Infrastructure

  • Fabric monitoring suspension and control link failure may cause HA cluster outage PR1698797

  • vmcores can be seen on SRX5k platforms when the fxp0 interface is configured under management-instance PR1714002

Routing Policy and Firewall Filters

  • Packet drops are seen for SRX destined traffic with self-traffic-policy PR1698021

  • Security policies go out of sync during ISSU PR1698508

  • The flowd process crash is observed with the security policy updated with changing IP address related to the FQDN PR1713576

Routing Protocols

  • The traffic drops are seen for the static route after VRRP failover when VRRP VIP is set as next-hop for that static route PR1687884

VPNs

  • Routes flapping when configuration changes are applied to custom routing instance PR1654516

  • 22.4R1:SRX_RIAD:srx5600:MN_HA:ike cookies didn't change in rekey lifetime expire cases after manual failover PR1690921

  • IPsec VPNs will disconnect after ISSU PR1696102

  • Mismatch in configured and negotiated proxy-identity parameters can lead to KMD core. PR1699691

  • The iked process will crash when VPN tunnels parameters are not matching PR1716092