Open Issues
Learn about open issues in this release for SRX Series Firewalls.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Chassis Clustering
Flow-Based and Packet-Based Processing
- When multicast traffic triggers a route resolution request for a pending session, and the route is subsequently resolved, a race condition may occur if that pending session is terminated by a different thread before processing can continue. This can result in a crash of the flowd (security forwarding process). However, the control plane remains online and unaffected. PR1859163
General Routing
- Additional logging has been added to the primary Routing Engine to help narrow down an issue in which the chassisd process restarted unexpectedly in the snmp_init_oids() function on the primary Routing Engine while booting up. PR1787608
- Right after rebooting one of the SRX4600 devices in an HA setup, the CTL link might stay down. PR1802158
- On Junos SRX4100/SRX4200 platforms, starting and stopping "monitor traffic interface" or "tcpdump" causes VLAN-tagged traffic to be dropped. While "monitor traffic interface" or "tcpdump" is still running, traffic flows properly, but it stops flowing when the capture is stopped. This issue only occurs on vlan-tagged interfaces. PR1808353
- On Junos SRX5600 and vSRX3 platforms, while upgrading from an older Junos version to 22.4R3-S1 or 22.4R3-S2, the upgrade process can fail because rpd crashes as part of the validation process. This is seen if the router configuration has Multicast/Internet Group Management Protocol (IGMP) or Broadband Edge configuration. PR1810817
- MACSec is supported in routing mode but not in transparent mode. PR1812427
- On all SRX platforms except SRX5k series platforms, when Secure or Explicit Web Proxy is configured, the flowd process crashes due to a race condition, causing a traffic outage. PR1813355
- On SRX1500 platform, large IP packets of size 1470 bytes or larger may be dropped when using ethernet-switching and trunk ports. PR1813536
- The MNHA Conn State goes down after 48+ hours with some background traffic when the MNHA ICL is configured with link-encryption. PR1822662
- As per the OpenSSH 9.0/9.0p1 release notes: "This release switches scp(1) from using the legacy scp/rcp protocol to using the SFTP protocol by default." Because this release runs OpenSSH 9.0 or later (OpenSSH_9.7p1), scp uses the "SFTP" protocol by default when the scp command is invoked from the shell. However, vSRX3.0 supports the "SCP" protocol by default when the scp command is invoked. To use the legacy "SCP" protocol from the shell, use the -O command-line option. For example: scp -O other options arguments. Note: Incoming SCP connections from outside hosts that are running OpenSSH version 9.0/9.0p1 could fail since sftp-server is disabled by default in Junos OS. Hence, users should either use the -O option on the remote host when initiating the scp file transfer or enable sftp-server in the Juniper configuration. To enable sftp-server in the Juniper configuration, use the following hierarchy: "set system services ssh sftp-server". PR1827152
- On Junos SRX1600, SRX2300 and SRX4300 platforms, when MVRP (Multiple VLAN Registration Protocol) is enabled along with static VLANs, dynamic VLAN learning and assignment doesn't work, resulting in traffic loss for the impacted VLANs. This issue is observed only when the interface is converted into routing mode and rolled back to switching mode. PR1839275
- After upgrading an SRX3xx series device configured with native-vlan-id to Junos version 23.4R1 or higher, the native-vlan-id option disappears from the interface settings. If native-vlan-id was set before the upgrade, the device keeps the setting but doesn't apply it to the interface. Trying to delete native-vlan-id causes a syntax error. The native-vlan-id feature doesn't work, and if a custom VLAN ID (other than 1) was used, traffic for that VLAN will be affected. PR1847366
- On SRX and MX platforms, a rarely occurring issue causes a sudden reboot of the SPC3 (Services Processing Card) in use, leading to packet loss while the card is offline during the reboot. PR1857890
J-Web
- On SRX4600, from release 23.4 and above, upgrades and downgrades from J-Web fail with the error message: "Installation Progress failed at Receive Package File". PR1876075
Network Address Translation (NAT)
- The existing RSI misses some important information from the NAT plugin, which can now be collected through a new RSI CLI command: "request support information security-components nat". This provides more data and helps with debugging. PR1825372
Platform and Infrastructure
- On SRX5400/SRX5600/SRX5800 platforms, if vmcore is initiated for the XLP PIC (Extreme Low Power Peripheral Interface Controller), the vmcore process crashes. PR1811765
- An Authentication Bypass by Spoofing vulnerability in the RADIUS protocol of Juniper Networks Junos OS and Junos OS Evolved platforms allows an on-path attacker between a RADIUS server and a RADIUS client to bypass authentication when RADIUS authentication is in use. Please refer to https://supportportal.juniper.net/JSA88210 for more information. PR1850776
Services Applications
- On an SRX5K HA cluster in FIPS mode, repeated manual failovers of redundancy groups can result in the SPC3, the IOC4, or both cards going offline. PR1797468
Unified Threat Management (UTM)
- Avira is not supported for SRX4700 in 24.4R1-S2. PR1851627