Resolved Issues

Junos OS: SRX 5000 Series: Upon processing of a specific SIP packet an FPC can crash (CVE-2023-22408). PR1658604

SIP 200 OK (INVITE) response packets are dropped leading to SIP call failure. PR1677554

SIP calls are getting dropped due to NAT failure and SIP ALG is enabled. PR1686613

H.323 traffic failure caused by RAS packet drops when incorrect route lookup performed. PR1688986

New secondary node to go into a disabled state after ISSU and failover RG0 because of fabric link failure. PR1678772

Policy configured with condition route-active-on import is not working properly after RG0 failover. PR1686648

Chassis cluster IP monitoring on the secondary node failed after the system reboot on the SRX Series devices. PR1691071

The secure tunnel interface does not work properly in SRX Series devices standalone mode. PR1702763

GTPv2 message filtering is not working. PR1704472

To track Routing Engine and Packet Forwarding Engine sync issue with NAT configuration and closed scan session counter issue. PR1661796

The non-fragmented packets might get dropped on the SRX5000 line of devices with SPC3 card. PR1683835

The flow sessions traversing the IOC2 card would time out early when Express Path is enabled. PR1688658

SOF was incorrectly offloading short-lived flows leading to early exhaustion of NP memory, reducing overall device performance. PR1692100

Application traffic drop seen on all SRX Series devices due to TCP window size issue. PR1699578

Core files gets generated when user is changing interface configuration. PR1704623

A flowd process stops on SRX4100, SRX4200, SRX4600, vSRX, and SRX5000 line of devices with SPC3 card when a route is changed frequently. PR1705996

The IPv6 source-level fragmented SCTP packets passing through an IPsec tunnel will be dropped. PR1708876

Unexpected behavior when web-proxy is configured with ssl-proxy. PR1580526

HA active/passive mode on-box logging in logical systems and tenant systems, Intermittently Security log contents of binary log file in logical systems are not as expected. PR1587360

During reboot, "warning: requires 'idp-sig' license" can be seen on the screen even when the device has valid license. PR1594014

On SRX4600 devices packet drop or srxpfe core dump might be observed. PR1620773

On SRX5600 and SRX5800 devices, the SNMP mib queries might result in occasional response timeouts. PR1631149

IMAP/IMAPS email permitted counter is not incremented in AAMW email statistics while testing whole email block. PR1646661

Split tunneling feature might not work. PR1655202

SRX4600 device in split-brain scenario post ISSU. PR1658148

The show fwauth user details is not displaying group information. PR1659115

Traffic loss might be seen due to SPC3 packets getting stuck. PR1671649

VPN tunnel might not be established in exclusive client scenario. PR1674522

NetBIOS traffic (IRB broadcast) is getting dropped post upgrade on the SRX Series devices. PR1675853

Dial-on-demand mode on the dialer interface is not working as expected. PR1680405

SRX4600 HA might not failover properly due to a hardware failure. PR1683213

The cluster fabric link will be down post reboot of node or power cycle. PR1684756

The user authentication page is not rendering on the client browser. PR1685116

Unexpected default event-rate value for event mode logging. PR1687244

The chassis cluster will not respond to DNS queries when configured with DNS proxy service. PR1688481

The system might stoop when Jflow inactive timeout is configured to be less than 'previous flow-inactive-timeout + 180' seconds. PR1688627

SNMP MIB walk for jnxBoxDescr OID returns incorrect value. PR1689705

SRX1500 chassis cluster port ge-0/0/1 does not work in switching mode. PR1690621

SRX cluster might fail in a rare scenario when node status changes to disabled state without going through the ineligible state. PR1692611

The process srxpfd or flowd might stop on SRX Series devices. PR1694449

TCP packet drops are seen when services-offload is enabled. PR1702138

The flowd process generates core files when TLS 1.3 session ticket is received on SSL-I. PR1705044

Log streaming to the security director cloud fails on TLS when DNS re-query is performed. PR1708116

Setting the security log profile without a category or stream will lead to srxpfe process stops. PR1708777

On SRX Series devices with ECDSA certificate based websites are not accessible when the SSL proxy is enabled from Junos OS release 22.1R1 onwards. PR1709386

SRX4600 doesn't support aggregated Ethernet interfaces. PR1711467

Continuous vmcores observed on the secondary node when committing set system management-instance command PR1712727

Continuous vmcores observed on the secondary node when committing set system management-instance command. PR1713759

The SSL session drops because of the wrong SNI value. PR1716893

Incompatible or unsupported configuration is not getting validated correctly during ISSU/normal upgrade causing the traffic loss. PR1692404

Network outage caused during change in IDP policy. PR1705491

The "address-book address-book name attach zone" is unexpectedly removed when address-book entry is added or removed by J-Web. PR1712454

DHCPv6 client options missing in solicit message if they exceed a certain length. PR1702831

Incorrectly a warning is thrown at commit check for source NAT configuration when the source-address or destination-address of the NAT rule is set as 0.0.0.0/0. PR1699407

The source-address on syslog at custom routing-instance not applied right after rebooting. PR1689661

Syslog message CHASSISD_IPC_WRITE_ERR_NULL_ARGS at commit. PR1663839

The "%DAEMON-4: Set system alarm failed: Operation not supported by device" message is seen on SRX5000 line of devices. PR1681701

Fabric monitoring suspension and control link failure might cause HA cluster outage. PR1698797

The vmcores can be seen on SRX5000 line of devices when the fxp0 interface is configured under management-instance. PR1714002

Packet drops are seen for SRX Series devices destined traffic with self-traffic-policy. PR1698021

Security policies go out of sync during ISSU. PR1698508

Configuration filtering does not work when the logical system is present. PR1679413

Traffic over IPsec tunnels might be dropped during ISSU. PR1416334

While verifying show security ipsec next-hop-tunnels output in device the IPsec SA and NHTB entry is not getting cleared after configuring firewall filter. PR1432925

Routes flapping when configuration changes are applied to custom routing instance.PR1654516

The kmd process pause is seen if the external-interface is empty in the IKE gateway configuration. PR1664910

VPN traffic loss is seen after HA node reboot while using traffic selectors. PR1667223

With active/active Multi SRGs, the address pools used by SRGs in the access profile must not overlap. PR1687654

The IKE cookies didn't change in rekey lifetime expire cases after manual failover.PR1690921

IPsec tunnel is not getting established back after the execution of clear security ike sa command. PR1694604

Mismatch in configured and negotiated proxy-identity parameters might generate kmd process core files. PR1699691