Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues

Learn about the issues fixed in this release for SRX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways (ALGs)

  • H.323 traffic failure caused by RAS packet drops when incorrect route lookup performed. PR1688986

Chassis Clustering

  • New secondary node to go into a disabled state after ISSU and failover RG0 because of fabric link failure. PR1678772

  • Policy configured with condition route-active-on import is not working properly after RG0 failover. PR1686648

  • The secure tunnel interface does not work properly in SRX standalone mode. PR1702763

  • GTPv2 Message Filtering is not working. PR1704472

Flow-Based and Packet-Based Processing

  • Application traffic drop seen on all SRX platforms due to TCP window size issue. PR1699578

  • Core dump will be seen when user is changing interface configuration PR1704623

  • A flowd process crash is seen on SRX4100/4200/4600, vSRX, and SRX5K with SPC3 card when a route is changed frequently. PR1705996

  • The IPv6 source-level fragmented SCTP packets passing through an IPSec tunnel will be dropped. PR1708876

General Routing

  • HA AP mode on-box logging in LSYS and Tenant: Security log verification is failing as the contents of binary log file in LSYS are not as expected. PR1587360

  • SRX4600 - Packet drop or srxpfe coredump might be observed. PR1620773

  • SRX5600/5800 - SNMP mib queries may result in occasional response timeouts. PR1631149

  • 21.3R2:SRX_RIAD:srx1500,srx4200:SKYATP:IMAP/IMAPS Email permitted counter is not incremented in AAMW email statistics while testing whole email block. PR1646661

  • No alarm under booting from backup partition. PR1646943

  • show fwauth user details is not displaying group information. PR1659115

  • SRX4600HA might not failover properly due to a hardware failure. PR1683213

  • The user authentication page is not rendering on the client browser. PR1685116

  • The chassis cluster will not respond to DNS queries when configured with DNS proxy service. PR1688481

  • SRX1500 chassis cluster port ge-0/0/1 does not work in switching mode. PR1690621

  • The process srxpfd/ flowd will crash on SRX devices. PR1694449

  • TCP packet drops are seen when services-offload is enabled. PR1702138

  • The flowd crash and core will be observed when TLS 1.3 session ticket is received on SSL-I. PR1705044

  • TX would be stuck and no packet can be transferred by the SPC3 card. PR1706756

  • Setting the security log profile without a category or stream will lead to srxpfe process crash. PR1708777

  • The ECDSA certificate based websites are not accessible when the SSL proxy is enabled from 22.1R1 onwards. PR1709386

  • SRX4600 doesn't support ae interfaces. PR1711467

  • The 'targeted-broadcast' feature will not work on some SRX platforms. PR1711729

  • Continuous vmcores observed on the secondary node when committing set system management-instance command. PR1712727

  • Continuous vmcores observed on the secondary node when committing the "set system management-instance" command. PR1713759

  • The firewall web-authentication feature will not work after enabling Juniper secure connect. PR1714845

  • The SSL session drops because of the wrong SNI value. PR1716893

  • The flowd process crash is observed when the web proxy packet reinjection fails. PR1719703

Interfaces and Chassis

  • SRX1500: Traffic fail seen on irb interface for network control forwarding class when verifying dscp classification based on single and multiple code-points. PR1611623

  • Incompatible/unsupported configuration is not getting validated correctly during ISSU/normal upgrade causing the traffic loss. PR1692404

Intrusion Detection and Prevention (IDP)

  • Network outage caused during change in IDP policy. PR1705491


  • [Jweb] "address-book address-book name attach zone" is unexpectedly removed when address-book entry is added or removed by Jweb. PR1712454

Layer 2 Ethernet Services

  • DHCPv6 client options missing in solicit messages if TLV's (Type Length value) exceed a certain length. PR1702831

Network Address Translation (NAT)

  • MNHA: Incorrectly a warning is thrown at commit check for Source NAT config when the source-address or destination-address of the NAT rule is set as PR1699407

  • ICMP based traceroute is not showing any hops after SRX when SRX is configured with NAT64. PR1706541

Network Management and Monitoring

  • source-address on syslog at custom routing-instance not applied right after rebooting. PR1689661

Platform and Infrastructure

  • "%DAEMON-4: Set system alarm failed: Operation not supported by device" message is seen on high end SRX. PR1681701

  • Fabric monitoring suspension and control link failure may cause HA cluster outage. PR1698797

  • vmcores can be seen on SRX5k platforms when the fxp0 interface is configured under management-instance. PR1714002

Routing Policy and Firewall Filters

  • Packet drops are seen for SRX destined traffic with self-traffic-policy. PR1698021

  • Security policies go out of sync during ISSU. PR1698508

Routing Protocols

  • The traffic drops are seen for the static route after VRRP failover when VRRP VIP is set as next-hop for that static route. PR1687884


  • 19.2TH:VPN:SRX5600: While verifying "show security ipsec next-hop-tunnels" output in device the IPsec SA and NHTB entry is not getting cleared after configuring firewall filter. PR1432925

  • Routes flapping when configuration changes are applied to custom routing instance. PR1654516

  • The kmd crash is seen if the external-interface is empty in the IKE gateway configuration. PR1664910

  • VPN traffic loss is seen after HA node reboot while using traffic selectors. PR1667223

  • With Active-Active Multi SRGs, the address pools used by SRGs in the access profile must not overlap. PR1687654

  • 22.4R1:SRX_RIAD:srx5600:MN_HA:ike cookies didn't change in rekey lifetime expire cases after manual failover. PR1690921

  • IPSEC tunnel is not getting established back after the execution of 'clear security ike sa'. PR1694604

  • IPsec VPNs will disconnect after ISSU. PR1696102

  • Mismatch in configured and negotiated proxy-identity parameters can lead to KMD core. PR1699691

  • From 20.4 onwards,St0.16000 to st0.16385 will not be allowed to be configured in HA and MNHA. mode PR1704670

  • The iked process will crash when VPN tunnels parameters are not matching. PR1716092