- Introduction
- Cover Page
- play_arrow Junos OS Release Notes for ACX Series
- play_arrow Junos OS Release Notes for cRPD
- play_arrow Junos OS Release Notes for cSRX
- play_arrow Junos OS Release Notes for EX Series
- play_arrow Junos OS Release Notes for JRR Series
- play_arrow Junos OS Release Notes for MX Series
- play_arrow What's New
- Hardware
- Authentication and Access Control
- Chassis
- Class of Service
- EVPN
- High Availability
- Interfaces
- IPv6
- Juniper Extension Toolkit (JET)
- Junos Telemetry Interface
- MPLS
- Multicast
- Network Address Translation (NAT)
- Network Management and Monitoring
- Platform and Infrastructure
- Precision Time Protocol (PTP)
- Routing Options
- Routing Protocols
- Public Key Infrastructure (PKI)
- Services Applications
- Software Defined Networking (SDN)
- Source Packet Routing in Networking (SPRING) or Segment Routing
- Subscriber Management and Services
- System Logging
- VPNs
- Additional Features
- What's Changed
- Known Limitations
- Open Issues
- Resolved Issues
- Migration, Upgrade, and Downgrade Instructions
- play_arrow Junos OS Release Notes for NFX Series
- play_arrow Junos OS Release Notes for QFX Series
- play_arrow Junos OS Release Notes for vRR
- Licensing
- Finding More Information
- Requesting Technical Support
- Revision History
Resolved Issues
Learn about the issues fixed in this release for SRX Series Firewalls.
For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.
Chassis Clustering
Unsupported configuration for interface st0 16000 to 16385 is possible when using replace pattern on SRX Series Firewall devices. PR1731593
In SRX MNHA cluster setup the RSI takes long time to generate. PR1736498
BFD session fails to re-establish on SRX cluster mode. PR1737520
SRX dropping GTP ChangeNotificationRequest messages due to Non-zero TID or TEID. PR1750988
Class of Service (CoS)
The CoS scheduler map might not get attached to the sub-interface correctly when shaping-rate and scheduler-map are configured. PR1734013
Flow-Based and Packet-Based Processing
The datapath-debug packet-dump feature is not capturing the transit traffic packets. PR1727027
Traffic loss is observed for the existing session if there is an update for the next-hop MAC address. PR1755181
Buffer leak when PMI sends out packet on egress interface with MTU smaller than the packet length. PR1758208
In NAT46 or NAT64 scenario, the packet that trigger NDP or ARP learning might get dropped. PR1759202
Source port for GTPv2 traffic is copied as same as destination port for the create session response packet. PR1771176
General Routing
The mustd process might stop. PR1562848
The 8-Port GbE SFP XPIM not passing traffic after software upgrade. PR1620982
The DNS information is getting lost when IPCP flaps. PR1658968
The fxp0 interface works under disable state in SRX300. PR1661816
Secondary node goes into disabled state after failover due to control link going down in a cluster. PR1703220
High latency will be observed while pinging to peer device. PR1714620
Interface speed stays 100 Mbps when removing speed and duplex command separately. PR1715247
OAM not working with flexible-vlan-tagging. PR1719108
The show system firmware shows available version as 0 after upgrading to BSD12 image. PR1729959
The flowd-octeon.elf.core generates core files rarely in SRX380 cluster. PR1732378
Intermittent core files are received when SMB protocol is enabled on AAMW policy and Packet Forwarding Engine memory is exhausted. PR1737442
Junos OS installation using USB can fail on SRX4600. PR1737721
Failover can be seen on SRX5000 line of devices cluster with SPC2 cards while executing RSI. PR1738188
Minor autorecovery information needs to be saved alarm are not displayed after zeroize. PR1738271
Traffic drop caused by Packet Forwarding Engine memory leak on SRX Series Firewall devices. PR1738656
With multiple, reboot SRX300 going into sleep thread. PR1739219
Memory leak in PKID. PR1739342
Random physical interfaces doesn't come up after a reboot. PR1739520
SRX4100 and SRX4200 accepts the datapath-debug configuration although it does not support it. PR1739559
Existing primary node not upgraded or rebooted, secondary node got upgraded but PICs didn't came online and vmcore.live.0 generated. PR1739673
Processing a TWAMP packet and terminating the TWAMP session might generate core files in a corner case scenario. PR1739733
The flowd process might pause. PR1743107
Commit panic reboot observed after implementing system processes watchdog timeout 180 on SRX Series Firewall devices. PR1744108
Added FQDN-name counter in the show services user-identification identity-management status output. PR1745588
The traffic degradation in 25percentercent down might be seen under high load traffic at SRX4600 with FPGA v1.65. PR1746567
SRX4600 misleading fan speed syslog output after removing or inserting one fan tray unit. PR1748971
SRX Series Firewall devices might take time to come up in HA or device will go down in standalone setup. PR1749584
SPC3 PIC pause. PR1749830
Large TLS1.3 session tickets to an SRX SPC3 device result in srxpfe process pause. PR1752678
The flowd process might pause due to memory stress. PR1753540
Users authenticated through captive portal experience a noticeable delay of at least 2 to 5 minutes. PR1755593
The Packet Forwarding Engine or flowd process might stop when NAT and tcp-encap is enabled. PR1756193
Changing IKE GW address from IPv6 to IPv4 causes failure in tunnel distribution during next tunnel establishment. PR1757072
AAMW hyper scan goes to lock state during reload. PR1757794
Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution PR1758332
False SNMP traps for PSU failure generated on SRX4100 and SRX4200 platforms PR1761668
The set system license log-frequency time-interval command does not work. PR1766874
ARP is not getting resolved. PR1768050
Intrusion Detection and Prevention (IDP)
Multiple network issues are seen after the upgrade with lower IDP packet-log total-memory percentage. PR1741887
J-Web
The process httpd might pause on SRX Series Firewall devices. PR1732269
Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control important environment variables (CVE-2023-36845) PR1736942
Certificate Management issues. PR1738316
Cannot add custom defined security address-book under Security Policies Objects > Security Policies > Create > Source Zone > Select Sources. PR1748078
Junos upgrades from J-Web returns failed in each step. PR1755072
Layer 2 Ethernet Services
Delay in getting IP through DHCP cause traffic loss.PR1752804
Platform and Infrastructure
The message "kernel: %KERN-6:ARP UNICAST MODE 0; retrans_timer - 8" might be seen when commit command is run for configuration which is not related to ARP. PR1735686
Routing Protocols
BFD session for BGP remains down in a specific scenario. PR1738074
RPD scheduler slip is observed when the BGP session flaps and subsequent configuration changes for the same peer. PR1742416
When BGP is configured in routing-instance of type virtual-router, default MPLS table is being created for that virtual-router, unexpectedly. PR1742513
System reboot or IPsec restart causes routes with incorrect next hop interface to be installed in the routing table. PR1752133
Content Security
Outlook notification channel connection is not established. PR1725938
User Interface and Configuration
The mgd process generates core files when show command is executed from the configuration mode. PR1745565
VPNs
The show security ike tunnel-map command is invalid with IKED. PR1738335
The show security ike sa fpc 0 pic 0 command is invalid with IKED. PR1739494
IPsec VPN does not come up in NAT-T scenario. PR1745174
Error seen while clearing ike statistics in secondary node. PR1748531
After clearing security group-vpn member ike SA, IKE SA goes down traffic disruption is observed. PR1758940