Resolved Issues
Learn about the issues fixed in this release for SRX Series Firewalls.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Chassis Clustering
-
Unsupported configuration for interface st0 16000 to 16385 is possible when using replace pattern on SRX Series Firewall devices. PR1731593
-
In SRX MNHA cluster setup the RSI takes long time to generate. PR1736498
-
BFD session fails to re-establish on SRX cluster mode. PR1737520
-
SRX dropping GTP ChangeNotificationRequest messages due to Non-zero TID or TEID. PR1750988
Class of Service (CoS)
-
The CoS scheduler map might not get attached to the sub-interface correctly when shaping-rate and scheduler-map are configured. PR1734013
Flow-Based and Packet-Based Processing
-
The datapath-debug packet-dump feature is not capturing the transit traffic packets. PR1727027
-
Traffic loss is observed for the existing session if there is an update for the next-hop MAC address. PR1755181
-
Buffer leak when PMI sends out packet on egress interface with MTU smaller than the packet length. PR1758208
-
In NAT46 or NAT64 scenario, the packet that trigger NDP or ARP learning might get dropped. PR1759202
-
Source port for GTPv2 traffic is copied as same as destination port for the create session response packet. PR1771176
General Routing
-
The mustd process might stop. PR1562848
-
The 8-Port GbE SFP XPIM not passing traffic after software upgrade. PR1620982
-
The DNS information is getting lost when IPCP flaps. PR1658968
-
The fxp0 interface works under disable state in SRX300. PR1661816
-
Secondary node goes into disabled state after failover due to control link going down in a cluster. PR1703220
-
High latency will be observed while pinging to peer device. PR1714620
-
Interface speed stays 100 Mbps when removing speed and duplex command separately. PR1715247
-
OAM not working with flexible-vlan-tagging. PR1719108
-
The show system firmware shows available version as 0 after upgrading to BSD12 image. PR1729959
-
The flowd-octeon.elf.core generates core files rarely in SRX380 cluster. PR1732378
-
Intermittent core files are received when SMB protocol is enabled on AAMW policy and Packet Forwarding Engine memory is exhausted. PR1737442
-
Junos OS installation using USB can fail on SRX4600. PR1737721
-
Failover can be seen on SRX5000 line of devices cluster with SPC2 cards while executing RSI. PR1738188
-
Minor autorecovery information needs to be saved alarm are not displayed after zeroize. PR1738271
-
Traffic drop caused by Packet Forwarding Engine memory leak on SRX Series Firewall devices. PR1738656
-
With multiple, reboot SRX300 going into sleep thread. PR1739219
-
Memory leak in PKID. PR1739342
-
Random physical interfaces doesn't come up after a reboot. PR1739520
-
SRX4100 and SRX4200 accepts the datapath-debug configuration although it does not support it. PR1739559
-
Existing primary node not upgraded or rebooted, secondary node got upgraded but PICs didn't came online and vmcore.live.0 generated. PR1739673
-
Processing a TWAMP packet and terminating the TWAMP session might generate core files in a corner case scenario. PR1739733
-
The flowd process might pause. PR1743107
-
Commit panic reboot observed after implementing system processes watchdog timeout 180 on SRX Series Firewall devices. PR1744108
-
Added FQDN-name counter in the show services user-identification identity-management status output. PR1745588
-
The traffic degradation in 25percentercent down might be seen under high load traffic at SRX4600 with FPGA v1.65. PR1746567
-
SRX4600 misleading fan speed syslog output after removing or inserting one fan tray unit. PR1748971
-
SRX Series Firewall devices might take time to come up in HA or device will go down in standalone setup. PR1749584
-
SPC3 PIC pause. PR1749830
-
Large TLS1.3 session tickets to an SRX SPC3 device result in srxpfe process pause. PR1752678
-
The flowd process might pause due to memory stress. PR1753540
-
Users authenticated through captive portal experience a noticeable delay of at least 2 to 5 minutes. PR1755593
-
The Packet Forwarding Engine or flowd process might stop when NAT and tcp-encap is enabled. PR1756193
-
Changing IKE GW address from IPv6 to IPv4 causes failure in tunnel distribution during next tunnel establishment. PR1757072
-
AAMW hyper scan goes to lock state during reload. PR1757794
-
Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution PR1758332
-
False SNMP traps for PSU failure generated on SRX4100 and SRX4200 platforms PR1761668
-
The set system license log-frequency time-interval command does not work. PR1766874
-
ARP is not getting resolved. PR1768050
Intrusion Detection and Prevention (IDP)
-
Multiple network issues are seen after the upgrade with lower IDP packet-log total-memory percentage. PR1741887
J-Web
-
The process httpd might pause on SRX Series Firewall devices. PR1732269
-
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control important environment variables (CVE-2023-36845) PR1736942
-
Certificate Management issues. PR1738316
-
Cannot add custom defined security address-book under Security Policies Objects > Security Policies > Create > Source Zone > Select Sources. PR1748078
-
Junos upgrades from J-Web returns failed in each step. PR1755072
Layer 2 Ethernet Services
-
Delay in getting IP through DHCP cause traffic loss.PR1752804
Platform and Infrastructure
-
The message "kernel: %KERN-6:ARP UNICAST MODE 0; retrans_timer - 8" might be seen when commit command is run for configuration which is not related to ARP. PR1735686
Routing Protocols
-
BFD session for BGP remains down in a specific scenario. PR1738074
-
RPD scheduler slip is observed when the BGP session flaps and subsequent configuration changes for the same peer. PR1742416
-
When BGP is configured in routing-instance of type virtual-router, default MPLS table is being created for that virtual-router, unexpectedly. PR1742513
-
System reboot or IPsec restart causes routes with incorrect next hop interface to be installed in the routing table. PR1752133
Content Security
-
Outlook notification channel connection is not established. PR1725938
User Interface and Configuration
-
The mgd process generates core files when show command is executed from the configuration mode. PR1745565
VPNs
-
The show security ike tunnel-map command is invalid with IKED. PR1738335
-
The show security ike sa fpc 0 pic 0 command is invalid with IKED. PR1739494
-
IPsec VPN does not come up in NAT-T scenario. PR1745174
-
Error seen while clearing ike statistics in secondary node. PR1748531
-
After clearing security group-vpn member ike SA, IKE SA goes down traffic disruption is observed. PR1758940