Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Open Issues

Learn about open issues in this release for SRX Series Firewalls.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Chassis Clustering

  • On SRX5000 line of devices with MNHA mode, if monitor ip is configured under routing-instance and when you try to add annotate IP command both devices might move into INELIGIBLE state and complete traffic might drop during the issue. PR1632586

  • On SRX5000 line of devices HA cluster in FIPS mode, repeated manual failovers of redundancy groups can result in SPC3 or IOC4 or both the cards going offline.PR1797468

Content Security

  • The command request security utm web-filtering category download version version number is deprecated from Junos OS release 24.1 onwards. Instead a new command is introduced request security utm web-filtering category download rollback to download the previous category version package. PR1773869

Flow-Based and Packet-Based Processing

  • On SRX5000 line of devices and SRX4600, performing ISSU to Junos OS release 21.4 and higher from earlier Junos versions can lead to a flowd process to generates core files. PR1779260

General Routing

  • When non-root user tries to generate archive file for /var/log, it either fails or generates an archive with partial log files. This happens due to permission of files under /var/log/hostlogs/.PR1692516

  • When input traffic is more and output traffic is expected equal to maximum capacity of egress interface, please set the shaping explicitly equal to interface maximum capacity if default shaping does not work. PR1712964

  • The NSD process might generate core files. PR1716686

  • Configuring the set system processes watchdog disable/timeout command causes a commit pause, and traffic loss will be observed. Watchdog related commands are unsupported.PR1747849

  • On SRX380 or SRX550 devices, when different Native-VLANs are configured on the trunk interfaces between devices, there is a packet drop. PR1750521

  • The repd process might generate core files during ISSU. There is no functional impact. PR1797189

Platform and Infrastructure

  • Request message user throws permission message to root user.PR1731520

VPNs

  • When multiple VPNs have same TS and different st0, in on-traffic tunnel establishment, ARI routes for the same destination and different st0 gets overwritten and only the latest route will be added. As a result, traffic over only one VPN continues and other VPN is down. In case of DPD failover, when one of the VPN is down and peer initiates DPD failover to route traffic through other VPN, due to missing ARI route on responder-side, traffic will be down. As a workaround, for DPD failover to work seamlessly, configure 2 st0s in different VRFs so both routes can be installed and failover can continue to work.PR1727795