Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Resolved Issues

Learn about the issues fixed in this release for SRX Series Firewalls.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Authentication and Access Control

  • Clearpass auth entry is getting deleted post successful ISSU. PR1732210

Chassis Clustering

  • Both primary and secondary nodes in chassis cluster go into disabled state in HA link down scenario. PR1540654

  • Core files are generated on both the nodes of HA cluster setup when it is upgraded to Junos OS release 21.2 and above. PR1736985

Content Security

  • Certain video streaming services continuously buffer when safe-search and HTTP persistent mode is enabled. PR1755998

  • The wf_key_ng_juniper support for NG. PR1768183

  • The flowd process generates core files by Web filtering. PR1772232

Flow-Based and Packet-Based Processing

  • Traffic loss is observed for the existing session if there is an update for the next-hop MAC address PR1755181

  • CPU utilization calculation is inaccurate. PR1756972

  • In a chassis cluster setup the flowd pause and SPC cards will fail. PR1761542

  • The GTPv2 create session response and packets might get dropped. PR1771176

  • The NSD process goes high on primary device when the Tenant System is configured. PR1776480

  • TCP sessions might get reset during MNHA traffic failover. PR1782444

  • The srxpfe process pause when ATP Cloud turned on. PR1783101

  • PMI sends packets to the wrong destination. PR1783595

  • Packets over GRE or IPIP or GRE(PMI) might not reach destination. PR1791633

  • The GTP-U packet destination port gets duplicated to the source port and subsequently discarded by policy. PR1798041

  • The commit might not go through when more than 128 vrf-groups for Layer 3 VPN configuration are configured. PR1802089

  • VXLAN session not created after committing FTI configuration on both devices. PR1807339

General Routing

  • Update microcode to version 0x3a or later upon upgrade to Junos OS release 21.4. PR1608045

  • High latency will be observed while pinging to peer device. PR1714620

  • Transition Junos OS kernel random number generator from hashing algorithm SHA-256 to SHA-512. PR1723499

  • Traffic drops might be observed when a BGP session comes up after the network flap. PR1732876

  • SRX4100 and SRX4200 accepts the datapath-debug configuration although it does not support it. PR1739559

  • ISSU upgrade pause on Junos OS release 23.2 onwards. PR1739673

  • On SRX1500, PEM alarms are displayed due to hardware limitations to read I2C. PR1751496

  • ARP resolution failure for lt interfaces is observed after cluster failover. PR1753191

  • VM host memory exhaustion results in image installation failure and brings down the Routing Engine (RE) during the upgrade. PR1755585

  • DNS proxy feature not working on logical tunnel interfaces. PR1760684

  • Application package version shows as 0 after upgrade to FreeBSD12. PR1766132

  • After the device reboot JSC stops accepting user connections. PR1766594

  • Inter and intra VLAN traffic drops. PR1770303

  • DHCP server not responding to some clients. PR1770332

  • RE switchover observed in SRX5000 line of devices when Ethernet switchports failure scenario on SCB. PR1774760

  • Features utilizing inactive routes might not work properly after the device reboot. PR1774975

  • Traffic drop observed right after boot up on SRX4600. PR1775083

  • IPsec tunnel behind NAT stops passing traffic when the NAT port number or IP address changes. PR1776216

  • The Wifi Mini-PIM card will be down upon upgrading the device. PR1776400

  • Interfaces stay down when 1 G SFP fiber transceiver connected to SRX380. PR1776656

  • Unexpected failover will be seen when there is communication loss between CP and SPU with web-authentication or web-redirect is configured. PR1780282

  • IP monitoring fail to install route after HA cluster reboot. PR1780326

  • Junos OS and Junos OS Evolved: Impact of Terrapin SSH Attack (CVE-2023-48795). PR1781732

  • Chassis alarm not present for if /var partition usage exceeds 100 percent. PR1784983

  • Validate result is in processing state for more than 5 minutes, when the configured validator port is in incorrect. PR1786432

  • The flowd process pause when the TLS 1.3 session ticket is received on SSL-I. PR1788673

  • The srxpfe or flowd process might pause while trying to update the path probe statistics. PR1790782

  • The ISSU fails in Layer 2 HA cluster deployment. PR1803376

  • The sxrpfe and fwauthd processes pauses sometimes. PR1804149

  • IPsec VPN is getting flapped due to warning messages on MIST controlled devices. PR1805493

Interfaces and Chassis

  • IP-IP tunnel with hostname does not work on SRX300 line of devices. PR1755011

  • The interfaces of secondary node might shows Link-mode: Unknown. PR1773597

Intrusion Detection and Prevention (IDP)

  • The flowd process pause when the device is rebooted. PR1786822

J-Web

  • J-Web UI cannot be launched. PR1766378

  • On the J-Web, edit icon under the interface is not working. PR1772267

  • Dynamic applications, Certificate Management, and NAT destination Page display errors. PR1784905

  • J-Web default session limits have been aligned with CLI default values. PR1788364

  • J-Web does not display address book entries properly after certain operations. PR1789466

Platform and Infrastructure

  • E2E packet capture will be corrupted. PR1761928

  • A flowd process pause if CP receives the packets due to some hardware memory issue. PR1775880

  • Traffic loss due to PPM not offloading LACP. PR1779749

  • The chassis cluster failover is seen post ISSU. PR1784775

  • Insufficient power alarm observed in SRX5000 line of devices. PR1787219

  • FPC reboot seen on SRX Series Firewalls with SPC3 card post RG failover. PR1793262

  • The dfwd process generates core files on node1 when performing ISSU upgrade to Junos OS release 23.1 and more. PR1794303

  • DNS and NTP might not be working as expected on Junos OS release 23.3 version above. PR1795068

Routing Policy and Firewall Filters

  • The srxpfe process pause when the policies referring to a dynamic-address is changed. PR1769889

  • Security policies might go out of sync during ISSU. PR1783249

Routing Protocols

  • OSPF route flap might be observed. PR1774715

User Interface and Configuration

  • SSH configuration changes do not come into affect on an existing outbound SSH client connection. PR1791814

VLAN Infrastructure

  • SRX Series Firewalls with transparent mode might fail to create a new flow session for multicast traffic when VLAN has l3-interface. PR1780182

  • Packet and byte counters in flow session result or traffic log are not correct for traffic uses Content Security or ALG services when SRX Series Firewalls are working as Layer 2 mode. PR1787772

VPNs

  • IPsec rekey fails when kilobyte based lifetime expires. PR1527384

  • ADVPN connection limit shortcut limitation not working as expected. PR1759738

  • In chassis cluster setup after failover AAMW status will remain in the requesting server certificate validation state on the new primary node. PR1765321

  • IPsec tunnels might not be established due to memory leak. PR1773276

  • In the MNHA scenario traffic drops are observed after failover. PR1777531

  • SCTP does not work correctly. PR1778106

  • The ikemd process pause when IKE traceoptions is configured. PR1780468

  • The kmd or iked process pause under rare circumstances. PR1783738

  • Traffic loss after deleting the traffic selector from the VPN configuration. PR1785346

  • Tunnel IKE and IPsec fails to come with Layer 2 HA and FIPS after switchover. PR1793207