Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Resolved Issues

Learn about the issues fixed in this release for SRX Series devices.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Application Layer Gateways (ALGs)

  • The SRX Series Firewall might experience a flowd process stop and generate core file when the ALG feature is enabled. PR1852968

Chassis Clustering

  • Traffic through IPsec VPN tunnel halts or stops after back to back failover until rekey occurs. PR1842874

  • MNHA ICL IPsec encryption link went down permanently after rebooting connected router through which ICL was established before. During this state IKE process got stuck at ~70% on MNHA active node. PR1850967

  • Post chassis-control restart on one of MNHA node, node goes into OFFLINE [SP] status with SRG in INELIGIBLE state and does not recover from this state. PR1873432

Content Security

  • The utmd process stops when EWF or NG web-filtering is configured on SRX Series Firewall with scaled custom URLs. PR1841370

  • FPC stops when web filtering type set to juniper-enhanced or NG-juniper. PR1854519

Flow-Based and Packet-Based Processing

  • AppQoS rate limit in PMI mode on SRX5000 line of devices and SRX4600 might drop packets unexpectedly. PR1828819

  • GRE traffic is getting blocked due to a software programming issue and MTU going below minimum value. PR1834338

  • Type 5 VXLAN traffic drops are observed when SRX Series Firewall run as L3-VNI gateway and the ingress and egress traffic goes to the same Type-5 VXLAN peer. PR1847419

  • SRX Series Firewall with chassis cluster configured experience flowd process stops due to a race condition in multicast session handling. PR1854492

  • Data Plane CPU on one device spikes up to 95% during primary node system reboot. PR1856521

  • The flowd process stops when service offload and system stats are enabled. PR1859062

  • Security forwarding process pause might occur when multicast traffic triggers a route resolution request that needs to be processed for a pending session. PR1859163

  • SRX4700 custom application session inactive timeout is half of the configured value. PR1865294

  • Packet Forwarding Engine pause is observed when Packet Forwarding Engine processes the traffic passing through the dedicated fabric link. PR1872613

  • The TCP session is not closing properly on the SRX4600 and SRX5000 line of devices after receiving the FIN-ACK message causing packets to drop for new session if reusing same source port. PR1873580

  • A flowd process might stop on SRX Series Firewall in L2 transparent mode. PR1878164

General Routing

  • Multiple J-UKERN core files might be generated during the sanity test. PR1641517

  • ifHCOutOctets unexpected spikes in value. PR1706125

  • RTO traffic loss and accumulation of session on secondary node is observed when RTO traffic not evenly distributed to all FLT (Flow Thread) threads. PR1819911

  • On SRX4600 device with heavy traffic, the FPGA drop packets. PR1823577

  • On SRX Series Firewall MLD groups are successfully formed however egress traffic is not being forwarded as expected. PR1828211

  • The SRX1500 drops the packet if MTU matches the MRU of the receiving device. PR1831955

  • The IDP security-packages install is throwing 'Attack DB Update Failed' error and AppID stops working. PR1832094

  • Custom application detection fails for L4 traffic after upgrade due to uncompiled signatures. PR1833667

  • AE interfaces not coming up if configured with flexible-vlan-tagging and output-vlan-map. PR1838033

  • In FIPS mode, kernel panics at MipsSwitchFPState and reboots generating a vmcore. PR1838923

  • Once we enable, mvrp on the dut interface DVLAN learning is not happening to r0 and r1. PR1839275

  • The load-balance hash-key forwarding persists when switching to Layer 3-only. PR1842873

  • Application crash is observed due to insufficient memory when a large numbers of JFlow entries are created. PR1843679

  • Unnecessary trace log files related to licenses are generated. PR1845079

  • SRX Series Firewall Packet Forwarding Engine pause is observed with source-identity enabled. PR1845506

  • Auto-re-enrollment for local certificate once fail, not trigger again on SRX Series Firewall. PR1845573

  • Security-metadata streaming is impacted due to dynamic-filter issue. PR1845645

  • Packet drops are observed in the VPLS environment on SRX380 device in packet mode. PR1845997

  • FPC0 will not transition to Online and might generate chassis alarm "FPC 0 Hard errors" in SRX4600 devices deployed in chassis cluster. PR1846340

  • Local or peer device's interface reflects down after SRX380 device reboot. PR1848557

  • It is not recommended to restart chassisd using CLI command restart chassis-control in MNHA setup. PR1849108

  • The redundant Ethernet reserved buffer increases when redundant Ethernet interface is activated. PR1849364

  • The commit command failed due to a speed mismatch between the Ten-Gigabit Ethernet (XE) port and the aggregated Ethernet (AE) interface to which it belongs. PR1851261

  • Intermittent traffic drops are seen due to large memory allocation for unidentified files. PR1851786

  • Flexible-vlan-tagging option is missing under interface hierarchy on SRX300 line of devices. PR1853238

  • PIM IP ESP packet fragments dropped in SRX Series Firewall. PR1854130

  • The nsd process stop responding on SRX Series Firewall during cluster reboot, failover, or policy addition causes traffic outage. PR1857379

  • The chassisd process pause is seen after the device reboot when chassisd stalls after configuration commit PR1857833

  • Security logs report messages for logical system are not generated. PR1860597

  • Packet drops can occur when packets are received with a size equal to the default MRU. PR1863576

  • CoS shaping is not functional on IRB interfaces when the SRX1600 is in switching mode PR1868103

  • Hostname with apostrophe causing connection failures. PR1869192

  • Commit delay due to incomplete MACsec PSK configuration. PR1873885

  • Unexpected primary role assignment after nodes 0 reboot. PR1877323

J-Web

  • Created address-set in global address book is not visible in J-Web. PR1805828

  • Junos image upload progress message is not displayed. PR1844395

  • Unable to load J-Web after upgrading when time zone is set to GMT+x or GMT-x. PR1851362

  • VPN fails due to file descriptor issue. PR1858466

  • Upgrade and Downgrade will fail from J-Web in SRX4600. PR1876075

Network Address Translation (NAT)

  • New CLI for RSI updated to collect more NAT information. PR1825372

Network Management and Monitoring

  • SNMPV3 Engine-ID does not update to MAC address as configured. PR1866948

Platform and Infrastructure

  • On SRX300 series DHCP relay stops working and the device generates core files after upgrading to JunOS 23.4R2-S2.1. PR1843935

  • The self-generated traffic on Junos platforms uses the incorrect source IP with ECMP configuration. PR1849296

Routing Policy and Firewall Filters

  • The show security match-policies command results in a timeout error. PR1809563

  • Security flow sessions are impacted during ISSU. PR1838698

  • The mgd process pause is observed during large amount of configurations. PR1847877

  • Deny traffic log message is not generated for persistent NAT traffic. PR1869988

  • Protocols involved with TCP/IP on an lsi interface have issues as TCP 3-way handshake cannot be completed. PR1871431

Routing Protocols

  • The rpd process stop on commit when configuring router-advertisement with DNS search label under 3 characters. PR1847811

VLAN Infrastructure

  • Traffic drops are observed when SRX380 platform is configured in L2 transparent-bridge mode. PR1852047

  • Packet Forwarding Engine stops responding due to invalid cached next hop during reinjection on SRX5000 like of devices. PR1856200

VPNs

  • Master-encryption-password is not accessible when system is in FIPS mode. PR1665506

  • The flowd process stops responding on SRX5000 line of devices with multiple line cards in MNHA scenario. PR1839665

  • ICL connection getting established with wrong source interface IP when trying to establish ICL connection between pub-broker and sub-broker with loopback interface IP's. This resulting in IPsec session sync failure between master and backup MNHA devices. PR1840788

  • The show chassis high-availability information CLI says SRG1 control plane state as ready ICL connection between Pub-Broker Sub-broker is not established properly and IPsec sessions are not synchronize between primary and Standby MNHA peers. PR1840803

  • IPsec sa configuration entries on node0 Packet Forwarding Engine are empty when configured from secondary node. PR1846168

  • IKED generates core files during a restart or failover event. PR1848834

  • To renegotiate VPN with the correct gateway when the active tunnel goes down. PR1851652

  • Recommended command to failover from Primary to Backup node. PR1861056

  • On rare circumstances the kmd or iked process stops responding when the device is too overloaded to generate a random number after repeated attempts PR1864322.

  • Post reboot, IPsec VPN is not coming up over MNHA active/active deployment. PR1864758

  • Recommended command to failover from Primary to Backup node. PR1866890

  • Type 5 EVPN traffic is dropped when PMI is disabled or not supported. PR1867040

  • IPsec tunnel inactive after multiple srg failovers. PR1868453