Open Issues

The authentication entries on SRX Series Firewalls might lost during ISSU or during Junos OS version upgrades to Junos OS Release 23.1 or to Junos OS Release 23.4 from prior versions. The issue is because of upgrades done to authentication database on the new Junos OS versions. As a workaround, recreate user event on clearpass after the upgrade, or configure clearpass user-query with inline-lookup configured to trigger user-reauthentication. PR1732210

When non-root user tries to generate archive file for /var/log, it either fails or generates an archive with partial log files. This happens due to permission of files under /var/log/hostlogs/. PR1692516

When input traffic is more and output traffic is expected equal to maximum capacity of egress interface, set the shaping explicitly equal to interface maximum capacity if default shaping does not work. PR1712964

The NSD process might generate core files. PR1716686

When multiple VPNs have same TS and different st0, in on-traffic tunnel establishment, ARI routes for the same destination and different st0 gets overwritten and only the latest route will be added. As a result, traffic over only one VPN continues and other VPN is down. In case of DPD failover, when one of the VPN is down and peer initiates DPD failover to route traffic via other VPN, due to missing ARI route on responder-side, traffic will be down. As a work-around, for DPD failover to work seamlessly, configure 2 st0s in different VRFs so both routes can be installed and failover can continue to work. PR1727795

On SRX1600 and SRX2300, the SCTP over IPSEC tunnel does not work. PR1778106