Resolved Issues
Learn about the issues fixed in this release for SRX Series devices.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
- Application Layer Gateways (ALGs)
- Chassis Clustering
- Class of Service (CoS)
- Flow-Based and Packet-Based Processing
- Interfaces and Chassis
- Intrusion Detection and Prevention (IDP)
- J-Web
- Network Management and Monitoring
- Platform and Infrastructure
- Routing Policy and Firewall Filters
- Routing Protocols
- User Interface and Configuration
- VLAN Infrastructure
- VPNs
Application Layer Gateways (ALGs)
Chassis Clustering
-
In the MNHA SRG scenario on the IPv6 switching mode, not using Virtual MAC as the source MAC address for G-NDP. PR1670309
-
GTP control packets might be incorrectly dropped or passed if there is more than one APN IMSI filter configured. PR1673879
-
Chassis cluster IP monitoring on the secondary node failed after the system reboot on the SRX Series devices. PR1691071
Class of Service (CoS)
-
The show interfaces queue command output not correctly displaying bps values for throughput higher than 4.25Gbps. PR1596172
Flow-Based and Packet-Based Processing
-
The hardware acceleration flag was not properly updated on RT_FLOW_SESSION_CLOSE logs. Additionally, the values for "Services-offload-sessions" for customers using SPC2's in their SRX5000-Series devices was incorrect. PR1629216
-
The GRE performance acceleration might cause VPLS traffic drop. PR1661409
-
The Routing Engine and Packet Forwarding Engine sync issue with NAT configuration and closed scan session counter issues. PR1661796
-
In SD-WAN the association between VRF instance and VRF group fails for ISSU from Junos OS Release 19.2, 19.3, 19,4, and 21.1 to Junos OS Release 22.2R1. PR1661935
-
vSRX not processing fragmented packets. PR1668898
-
The non-fragmented packets might get dropped on the SPC3 card. PR1683835
-
The flow sessions traversing the IOC2 card would time out early when Express Path is enabled. PR1688658
-
SOF was incorrectly offloading short lived flows leading to early exhaustion of NP memory, reducing overall device performance. PR1692100
Interfaces and Chassis
-
The reth1 interface down and DCD cores files are seen on node1. PR1657021
Intrusion Detection and Prevention (IDP)
-
Execute RSI on SRX5000 line of devices might generate flowd process core files and trigger data plane failover. PR1665442
J-Web
-
All the security policies on Junos SRX Series devices can get deleted while trying to delete any particular policy through J-Web. PR1681549
Network Management and Monitoring
-
High logging rate might cause eventd to increase Routing Engine CPU utilization. PR1661323
Platform and Infrastructure
-
A major alarm DPDK Tx stuck issue of SRX4100 and SRX4200 devices. PR1626562
-
SMS channel down alarm on primary node of HA pair after upgrade. PR1629972
-
Packet loss might be seen on SRX4100 and SRX4200 devices from Junos OS Release 20.2R2. PR1650112
-
Split tunneling feature might not work. PR1655202
-
Archived file which created by non-root user might not include some files under /var/log/ directory. PR1657958
-
After ISSU upgrade completed, RG1 nodes priority remains in CS state and fab interfaces are down. PR1658148
-
The CPU utilization might increase when a user login and logout to the device continuously. PR1662172
-
Cache miss counter increments twice instead of one. PR1663678
-
SRX alarming SMS control channel down without SMS feature configured. PR1666420
-
NG custom APPID fails. PR1667221
-
IPv6 feature not working on SRX5000 line of devices. PR1668473
-
The monitored IP addresses for a redundancy group are reachable despite removing the redundant Ethernet interface from a zone. PR1668532
-
Traffic loss seen due to SPC3 packets getting stuck. PR1671649
-
The forwarding plane stops during HA failover. PR1672378
-
Information about users groups is not displayed completely. PR1673125
-
VPN tunnel will not be established in exclusive client scenario. PR1674522
-
A flowd process stops might occur when AAMW encounters a memory leak. PR1675722
-
NetBIOS traffic is getting dropped post upgrade on the SRX Series devices. PR1675853
-
PKID process stops when validating the certificate chain of a certificate. PR1679067
-
DOD mode on DL interface not working as expected. PR1680405
-
The NSD_CLEAR_POLICY_DNS_CACHE_ENTRY_IP log is not found on the device after keying DNS cache entry unchanged. PR1684268
-
The cluster fabric link will be down post reboot of node or power cycle. PR1684756
-
The unexpected default event-rate value for event mode logging. PR1687244
-
The system might stops when Jflow inactive timeout is configured to be less than previous flow-inactive-timeout + 180 seconds. PR1688627
-
SNMP MIB walk for jnxBoxDescr OID returns incorrect value. PR1689705
-
SRX cluster might fail in a rare scenario when node status changes to disabled state without going through the ineligible state. PR1692611
Routing Policy and Firewall Filters
-
The utility monitor security packet-drop now correctly reports policy-related drops for unified policy. PR1576150
-
Junos OS: SRX Series: Cache poisoning vulnerability in BIND used by DNS Proxy (CVE-2021-25220). PR1656324
-
Security policy state might be invalid on SRX Series devices. PR1669386
-
The rpd process stops whenever it is getting shut down with router reboot, rpd restart, Routing Engine switchover, and software upgrade. PR1670998
-
SRX Series devices stop refreshing the FQDNs used in the security policies and NAT. PR1680749
Routing Protocols
User Interface and Configuration
VLAN Infrastructure
VPNs
-
Traffic over IPsec tunnels might be dropped during ISSU. PR1416334
-
While verifying show security ipsec next-hop-tunnels command output in device the IPsec SA and NHTB entry is not getting cleared after configuring firewall filter. PR1432925
-
Tunnel bringing up failed from strongSwan when changing the configuration IKE in VR and observed the NO_PROPOSAL_CHOSEN notify error message. PR1627963
-
Severity is unknown at some IPsec SYSLOG messages. PR1629793
-
Packets traversing through a policy based VPN get dropped when PowerMode is enabled. PR1663364
-
IPsec tunnels might flap on SRX Series devices. PR1665332
-
Master encryption password is not accessible when system is in FIPS mode. PR1665506
-
High control plane CPU utilization while the kmd process is stuck after the core file. PR1673391
-
With active/active Multi SRGs, the address pools used by SRGs in the access profile must not overlap. PR1687654