Resolved Issues

The SRX platform may experience a flowd process crash and generate core dump files when the ALG feature is enabled PR1852968

FIPSCC - SRX5k L2HA (link-encryption) - Traffic through customer ipsec vpn tunnel halts/stops after back to back failover until rekey occurs PR1842874

L3MNHA with SRG1 IPSEC : MNHA ICL ipsec encryption link went down permanently after rebooting connected router through which ICL was established before. During this state IKE process got stuck at ~70% on MNHA Active node. PR1850967

Post chassis-control restart on one of MNHA node, Node goes into OFFLINE [SP] status with SRG in INELIGIBLE state and does not recover from this state PR1873432

AppQoS rate limit in PMI mode on SRX5K and SRX4600 may drop packets unexpectedly PR1828819

[False Drop messages for defrag traffic] Packet-drop records with fragmented traffic ",Dropped by FLOW:Defrag return error" seen on " show security packet-drop records " PR1833132

GRE traffic is getting blocked due to a software programming issue and MTU going below minimum value PR1834338

Type 5 VXLAN traffic drops are observed when SRX run as L3-VNI gateway and the ingress and egress traffic goes to the same Type-5 VXLAN peer PR1847419

Junos SRX platforms with chassis cluster configured experience flowd crash due to a race condition in multicast session handling PR1854492

Data Plane CPU on one device spikes up to 95% during primary node system reboot in SRX cluster PR1856521

The flowd process crash when service offload and system stats are enabled PR1859062

SRX4700 custom application session inactive timeout is half of the configured value PR1865294

PFE crash is observed when PFE processes the traffic passing through the dedicated fabric link PR1872613

The TCP session is not closing properly on the SRX4600 and SRX5K platforms after receiving the FIN-ACK message causing packets to drop for new session if reusing same source port PR1873580

SRX platforms drops MPLS traffic when "gre-performance-acceleration" knob is enabled PR1876356

Multiple J-UKERN core files might be generated during the sanity test PR1641517

ifHCOutOctets unexpected spikes in value PR1706125

Crash dump on DNSF plugin observed on SRX platforms PR1816951

RTO traffic loss and accumulation of session on secondary node is observed when RTO traffic not evenly distributed to all FLT (Flow Thread) threads PR1819911

On SRX4600 platforms with heavy traffic, the FPGA drops packets PR1823577

The rpd crash is observed during upgrade or restart PR1826194

On SRX platforms MLD groups are successfully formed however egress traffic is not being forwarded as expected PR1828211

The SRX1500 drops the packet if MTU matches the MRU of the receiving device PR1831955

The IDP security-package install is throwing 'Attack DB Update Failed' error and AppID stops working PR1832094

Custom application detection fails for L4 traffic after upgrade due to uncompiled signatures PR1833667

AE interfaces not coming up if configured with flexible-vlan-tagging and output-vlan-map. PR1838033

Traffic loss due to tunnel establishment failure in HA setup PR1839090

Load balance hash-key forwarding persists when switching to Layer 3-only PR1842873

Split brain condition will be seen in SRX4600 configured in Chassis Cluster under certain conditions PR1843413

Application crash is observed due to insufficient memory when a large number of JFlow entries are created PR1843679

Unnecessary trace log files related to licenses are generated PR1845079

SRX PFE crash is observed with source-identity enabled PR1845506

Auto-re-enrollment for local certificate once fail, not trigger again on SRX platforms PR1845573

Security-metadata streaming is impacted due to dynamic-filter issue PR1845645

Packet drops are observed in the VPLS environment on SRX380 platforms in packet mode PR1845997

FPC0 will not transition to Online and may generate chassis alarm "FPC 0 Hard errors" in SRX4600 devices deployed in chassis cluster PR1846340

Core being generated for some processes while using license feature PR1848160

Local or peer device's interface reflects down after SRX380's reboot PR1848557

It is not recommended to restart chassisd using CLI command "restart chassis-control" in MNHA setup PR1849108

Reth Reserved buffer increases when reth interface is activated PR1849364

The commit command failed due to a speed mismatch between the Ten-Gigabit Ethernet (XE) port and the Aggregated Ethernet (AE) interface to which it belongs PR1851261

Traffic reduction observed for SWP sessions when traffic hits SWP as passthrough. PR1851686

Flexible-vlan-tagging option is missing under interface hierarchy on SRX3xx series PR1853238

PIM IP ESP packet fragments dropped in SRX platform PR1854130

The nsd process crashes on SRX platforms during cluster reboot, failover, or policy addition causes traffic outage PR1857379

The chassisd process crash is seen after the device reboot when chassisd stalls after configuration commit PR1857833

Security log report messages w.r.t logical system is not generated PR1860597

Packet drops can occur when packets are received with a size equal to the default MRU PR1863576

CoS shaping is not functional on IRB interfaces when the SRX1600 is in switching mode PR1868103

TCP RST packet gets dropped when used with rst-invalidate-session PR1873583

Commit Delay Due to Incomplete MACsec Pre-Shared Key Configuration PR1873885

Unexpected primary role assignment on SRX after node0 reboot PR1877323

ISSU getting aborted due to configuration-synchronize failure on Junos SRX platforms PR1882569

Created address-sets in global address book is not visible in J-Web PR1805828

[SRX Jweb] Junos image upload progress message is not displayed on Branch SRX platform PR1844395

[Jweb] Gratuitous ARP Count shows 0 for redundancy group 1+ when the default gratuitous-arp-count value is used PR1845747

Unable to load J-Web after upgrading SRX when time zone is set to GMT+x or GMT-x. PR1851362

VPN failures on SRX due to file descriptor issue PR1858466

SNMPV3 Engine-ID does not update to MAC address as configured PR1866948

The self-generated traffic on Junos platforms use the incorrect source IP with ECMP configuration PR1849296

The "show security match-policies" command results in a timeout error PR1809563

[SRX] - RE and PFE policy out of sync with specific configuration. PR1837182

Security flow sessions are impacted during ISSU on SRX platforms PR1838698

The mgd process crash is observed during large amount of configurations PR1847877

Wrong service-name display in SRX RT_FLOW traffic log. PR1859554

Deny traffic log message is not generated for persistent nat traffic PR1869988

Protocols involved with TCP/IP on a lsi interface have issues as TCP 3-way handshake cannot be completed PR1871431

The rpd crash on commit when configuring router-advertisement with DNS search label under 3 characters PR1847811

Updating a source-file to load ROAs should be done by changing the name of the source file PR1853025

The utmd process crashes when EWF or NG web-filtering is configured on SRX with scaled custom URLs PR1841370

FPC crashing when web filtering type set to "juniper-enhanced" or "NG-juniper" PR1854519

XML namespace string in rpc-reply tag for system-uptime-information was changed to represent the full version name. PR1842868

On SRX platforms, STP multicast packets are discarded, causing PVST to fail to converge between switches PR1831324

Traffic drops are observed when SRX380 platform is configured in l2 transparent-bridge mode PR1852047

PFE crash due to invalid cached next hop during reinjection on SRX5k PR1856200

Master-encryption-password is not accessible when system is in FIPS mode PR1665506

The flowd process crashes on SRX5K platforms with multiple line cards in MNHA scenario PR1839665

ICL link encryption should be used for connection between pub-broker sub-broker with loopback interface IP's should be used with to avoid IPsec session sync failure between master and backup MNHA devices. PR1840788

L3MNHA with SRG1 IPSEC : "show chassis high-availability information" cli says SRG1 control plane state as Ready eventhough ICL connection between Pub-Broker Sub-broker is not established properly and IPsec sessions are not syncing between Master and Standby MNHA peers. PR1840803

FIPS-CC:SRX-SME(Berkeley-FreeBSD12): IPSEC sa_config entries on node0 PFE are empty when configured from secondary node. PR1846168

IKED core might be observed during a restart or failover event. PR1848834

SRX fails to renegotiate VPN with the correct gateway when the active tunnel goes down PR1851652

Recommended command to failover from Primary to Backup node PR1861056

On rare circumstances the kmd or iked process crash will be observed on using the third-party library API PR1864322

Post reboot , IPSec VPN is not coming up over MNHA active/active deployment PR1864758

Tunnel sync failure on backup node post 'restart chassis-control' in MNHA Active-Active mode PR1866890

Type 5 EVPN traffic is dropped on SRX when PMI is disabled or not supported PR1867040

IPSec tunnel inactive after multiple srg failovers on SRX platforms PR1868453