Open Issues

On SRX Series Firewall on aruba-clearpass webapi configuration set system services webapi * authentication entries could be lost during ISSU or during Junos version upgrades to 23.1 from prior versions. Due to this issue any data plane traffic using the ClearPass Authentication entries will require reauthentication.PR1732210

For accelerated flows such as Express Path, the packet or byte counters in the session close log and show session output take into account only the values that accumulated while traversing the NP. PR1546430

In NAT46 or NAT64 scenario, the IPv4 packet that incoming from interface has only family inet ,do the NAT4to6 and send out to an IPv6 interface then trigger the NDP learning or the IPv6 packet incoming from interface has only family inet6 to the NAT6to4 and then trigger ARP learning, this packet might get dropped in the Packet Forwarding Engine.PR1759202

On SRX Series Firewall, in a chassis cluster setup configured in Active/Active mode, the fabric forward packet enters the flow module causing the flow processing process (flowd) to crash, impacting the traffic forwarding and failing the Services Processing Card (SPC).PR1761542

IPsec rekey fails when SRX Series Firewall is configured with KB based lifetime in remote access solution. PR1527384

When non-root user tries to generate archive file for /var/log, it either fails or generates an archive with partial log files. This happens due to permission of files under /var/log/hostlogs/.PR1692516

FIPS mode is not supported in this release for SRX Series Firewall devices.PR1697999

Mount Command from shell mode is not supported for NFS in BSD12 based SRX300, SRX320, SRX340, SRX345, and SRX380 platforms. PR1701361

On SRX Series Firewall, log streaming using FQDN requiring DNS name resolution might fail to re-query resulting in FQDN resolution to fail.PR1708116

For case when input traffic is more and output traffic is expected equal to maximum capacity of egress interface, please set the shaping explicitly equal to interface maximum capacity if default shaping does not work. PR1712964

On SRX Series Firewall, The delay will be observed while pinging to peer device due to high latency when VLAN tagged DHCP packets arrive at IRB interface.PR1714620

In DNS response packets from the DNS server, the DNS flags do not have RA (Recursion Available) enabled. SRX Series Firewall discovers that this RA flag is disabled, and processes it as an error. The SRX Series Firewall then sends another DNS query to the second DNS server.PR1716171

It is possible to set and commit the datapath-debug configuration on platforms SRX4100 and SRX4200 although datapath debugging is not supported on those platforms. Because of this unsupported configuration being accepted the Routing Engine load can go high and cause traffic outage. The workaround is to remove the datapath-debug configuration and perform a commit.PR1739559

On SRX Series Firewall in cluster, the IP Monitoring fails to install route after the SRX Series Firewall cluster reboots.PR1780326

If session limit not configured in CLI, default value of session limit will be 7 or 1024.PR1788364

On SRX Series Firewall, J-Web does not display address book entries properly after certain operations.PR1789466

On SRX Series Firewall with multiple security policies configured and different web-filtering profiles attached to them, policies don't work as per the action defined in them.PR1696642

First time when we add this command the existing active connections are not changed, only the new connection after this command will be taken into effect. PR1608715