Known Limitations
Learn about known limitations in this release for SRX Series Firewalls.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
General Routing
-
The SRX300 and SRX320 uses revenue port ge-0/0/0 as management port with 150 MB bidirectional traffic of 64 byte packet size, the flowd process is occupying all the CPU1. It can't process any further traffic. Since SRX300 and SRX320 have limited CPU, the flowd process capability to process traffic is limited. PR1705627
Infrastructure
-
When upgrading from before Junos OS Release 21.2 to 21.2 and after, validation and upgrade will fail. The upgrading requires using of
no-validate
configuration. PR1568757
J-Web
-
Staring in Junos OS Release 23.4R1, you must remove IKED specific configurations before uninstalling the Junos-IKE package in J-Web. If not, the Junos-IKE package gets uninstalled with configuration mismatch errors and J-Web will move to the Setup wizard mode.PR1744210
VPNs
-
When multiple VPNs have same TS and different st0, in on-traffic tunnel establishment, ARI routes for the same destination and different st0 gets overwritten and only the latest route will be added. As a result, traffic over only one VPN continues and other VPN is down. In case of DPD failover, when one of the VPN is down and peer initiates DPD failover to route traffic through other VPN, due to missing ARI route on responder-side, traffic will be down. As a work-around, for DPD failover to work seamlessly, configure 2 st0s in different VRFs so both routes can be installed and failover can continue to work. PR1727795