Known Limitations
Learn about known limitations in this release for SRX Series Firewalls.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Flow-Based and Packet-Based Processing
-
The rst_sequence knob request SPU flow to keep having sequence number in the record. But, for sessions which has been offloaded, the packet is forwarded directly on NP, due to which SPU did not receive the packet. Also, the sequence number is not synchronize to the SPU session. To use the feature rst_sequence check disable the SOF. PR1830053
General Routing
-
The peers-synchronize is configured, and master-password is configured to encrypt the config being synchronize. However, the master-password configured on the peer device, the encrypted configuration cannot be decrypted. PR1805835
Infrastructure
-
When upgrading from releases before Junos OS release 21.2 to release 21.2 and onward, validation and upgrade might fail. The upgrade requires using the no-validate option to complete successfully. https://kb.juniper.net/TSB18251. PR1568757
Platform and Infrastructure
-
An Authentication Bypass by Spoofing vulnerability in the RADIUS protocol of Juniper Networks Junos OS and Junos OS Evolved platforms allows an on-path attacker between a RADIUS server and a RADIUS client to bypass authentication when RADIUS authentication is in use. Refer to https://supportportal.juniper.net/JSA88210 for more information. PR1850776
User Interface and Configuration
-
On SRX300 line of devices, when running BFD, performing CLI commands which have a long output and high impact on control plane CPU load, might cause a BFD flap. In such case, use the Dedicated BFD or Real-time BFD feature to avoid the impact. PR1657304