Resolved Issues: 22.1R1
Application Layer Gateways (ALGs)
- Junos OS: MX Series and SRX Series: The flowd daemon will crash if the SIP ALG is enabled and specific SIP messages are processed (CVE-2022-22175). PR1604123
Authentication and Access Control
- An authentication delay of up to 60 seconds might occur if the same user authenticates. PR1626667
Chassis Clustering
- SRX chassis cluster redundancy group IP monitoring might fail for redundancy group on secondary node. PR1594187
- Secondary node in a chassis cluster might go into reboot loop on SRX Series devices. PR1606724
- SPU might become offline on standby node after failover in SRX Series devices. PR1624262
- BFD over high availability ICL link might flap. PR1631938
- After a series of actions, MNHA functionality might not be available despite the configuration being present. PR1638794
Flow-Based and Packet-Based Processing
- The services offload packets processed counter is not incremented in security flow statistics. PR1616875
- Security traffic logs display service-name as none for some applications. PR1619321
- Cleartext fragments are not processed by flow. PR1620803
- VLAN tagged packets might be dropped at TAP mode enabled interface. PR1624041
- The flowd process might generate core files if a route is changed or deleted in PMI mode. PR1624707
- Packets might not be classified according to the CoS rewrite configuration. PR1634146
- The process nsd might crash continuously due to failure in creating/reinitializing the file /var/db/ext/monitor-flow-cfg. PR1638008
General Routing
- When using log templates with Unified Policies, logs were not generated in a predictable manner. A new construct has been added that allows you to define a default log profile using the set security log profile name default-profile command, which can be used to improve this behavior when multiple log profiles are defined. PR1570105
- The pkid process might generate a core file during local certificate enrollment. PR1573892
- The fxp0 interface of an SRX550 in cluster might become unreachable from an external network. PR1575231
- On SRX Series devices with Chassis Cluster, the error message tcp_timer_keep:Local(0x81100001:60753) Foreign(0x8f100001:33010) is seen in the messages log every 80 seconds. PR1580667
- BGP adjacency might not get established in Layer 2 IRB scenario. PR1582871
- The show security idp counters command does not have the tenant option in its syntax. PR1586220
- UNKNOWN is displayed instead of HTTP-PROXY for application and UNKNOWN instead of GOOGLE-GEN in RT-FLOW close messages. These messages can be seen in the RT-flow close log and are due to JDPI not being engaged for the session. This might affect the app identification for the web-proxy session traffic. PR1588139
- Cross ping fails to another device when the packet size is above 2400 bytes and jumbo frame is enabled. PR1593015
- When combining log profiles and unified policies, RT_FLOW_SESSION_DENY logs were not being generated correctly. PR1594587
- DNS proxy functionality might not work on VRRP interfaces. PR1607867
- Interface state is reset after a Packet Forwarding Engine restarts. PR1613314
- Enabling security-metadata-streaming DNS policy might cause a data plane memory leak. PR1613489
- The new client might not be able to connect using Juniper Secure Connect if the size of INI file content exceeds the maximum INI file size buffer. PR1613993
- PFE might crash and flowd core might be observed when APPQoS is configured. PR1615797
- On SRX Series devices running DNS Security in secure-wire mode, DGA verdicts would not be returned to the device. PR1616075
- The SRX Series device Packet Forwarding Engine crash might be observed when the DNS Security feature is enabled. PR1616171
- On SRX Series devices using on-box logging, LLMD write failures might be seen under high load. The output of the show security log llmd counters command can be used to view LLMD behavior. PR1620018
- Traffic might get dropped due to memory issue on some SRX Series devices. PR1620888
- The flowd process might stop on SRX or NFX in AppQoE scenarios. PR1621495
- A major chassis alarm for Intel NIC Tx port stuck issue is added on SRX4100 and SRX4200 devices. PR1624078
- Under rare circumstances, a Packet Forwarding Engine or flowd process generates core files when running AAMW. PR1624124
- In rare circumstances, the pkid process could stop and generate a core file when there was limited memory available on the Routing Engine. PR1624613
- On all SRX Series devices running DNS, a memory leak on the Packet Forwarding Engine might occur. PR1624655
- Core files might be reported on installing IDP security package. PR1625364
- The flowd process lost heartbeat for 45 consecutive seconds without an alarm being raised. PR1625579
- The error might be seen after configuring a unified security policy allowing some application categories. PR1628202
- When viewing DNS Tunnel detections in the ATP cloud portal, the source IP and destination IP metadata is reversed. PR1629995
- Depending on the configuration of the SRX Series devices, duplicate events might have been written to the on-box logging database. PR1630123
- LLDP packets might be sent with incorrect source MAC for RETH or LAG child members. PR1630886
- The srxpfe process might crash on SRX4600. PR1630990
- Reverse DNS lookups will no longer be stored in the DNSF cache when using DNS security. PR1631000
- Signature package update might fail and the appid process might stop on SRX Series devices. PR1632205
- Tasks of download manager might not be resumed post reboot. PR1633503
- Unable to connect to domain controller on installing Microsoft KB update. PR1637548
- The error is seen during the NON-ISSU upgrade from Junos OS 15.1 release to Junos OS 18.2 release and later releases. PR1639610
- Configuration change during AppQoS session might result in Packet Forwarding Engine pause with flowd core. PR1640768
- The KRT queue might get stuck with the error- ENOMEM -- Cannot allocate memory. PR1642172
- The pfe process might pause on SRX Series devices. PR1642914
- On-box security logs might not store the session-id as a 64-bit integer, resulting in incorrect session-ids being present in the on-box logs. PR1644867
Interfaces and Chassis
- Members MAC might be different from parent reth0 interface, resulting in loss of traffic. PR1583702
Intrusion Detection and Prevention (IDP)
- IDP signature installation takes a longer time. PR1615985
- Device is paused while checking the show security idp attack attack-list policy combine-policy command. PR1616782
- On SRX Series devices, the request security idp pcap-analysis tool has had usability improvements. PR1617390
- Updating the IDP signature database might get the upgrade stuck in the state In progress:Performing Offline download. PR1623857
J-Web
- The error message "your session has expired. Click ok to re-login" might be seen when using J-Web with root user. PR1611448
- The AM or PM time format is displayed in Customize for Last field at Monitor > Logs > All Events. PR1628649
- After a HA cluster is created, you are unable to edit it in J-Web. PR1636237
- The reboot or halt from J-Web might fail on SRX Series devices. PR1638370
Network Address Translation (NAT)
Platform and Infrastructure
- The ppmd process might stop after an upgrade on SRX Series devices. PR1335526
- Traffic through one SPU might stop with potential packet drop issue with alarm as FPC major errors raised due to the PIC_CMERROR_TALUS_PKT_LOSS error. PR1600216
- The SNMP packet (traps or polls) will be dropped if it crosses multiple routing instances on SRX Series devices. PR1616775
- SRX accounting and auditd process might not work on secondary node. PR1620564
- Error message gencfg_cfg_msg_gen_handler drop might be seen after running commit command. PR1629647
- When route preferred metric is different for different RPM policies, the same metric is not reflected in routing records. PR1634129
- SCB reset with error: zfchip_scan line = 844 name = failed due to PIO errors. PR1648850
Routing Policy and Firewall Filters
Routing Protocols
User Interface and Configuration
- The mgd process might generate core files upon ISSU upgrade. PR1632853
VPNs
- The iked process might restart and generate core during session state activation or deactivation. PR1573102
- Certificate identifier length for PKI CMPv2 CA cert is not displayed as expected in certain cases. PR1589084
- The configuration change in SRG-1 might cause HA link encryption tunnel flap. PR1598338
- The kmd might crash with IPsec tunnel enabled on SRX or vSRX platforms. PR1599639
- The flowd process might stop and generate a core file after upgrade. PR1603670
- Uneven IPsec tunnel distribution might be seen post tunnels re-establishment. PR1615763
- Traffic over IPsec tunnels might be dropped post control link failure. PR1627557
- Traffic loss over IPsec tunnel might be seen on SRX Series devices. PR1628007
- SRX Series devices generate core files after upgrading to any Junos OS release. PR1628947
- The kmd process might stop if the IKE negotiation fragment packets are missed during initiating an IKE SA rekey. PR1638437
- The pki process might stop during cmpv2 auto-re-enrollment. PR1642410