
Open Issues

Learn about open issues in this release for SRX Series Firewall.

For the most complete and latest information about known Junos OS defects, use the Juniper Networks online Junos Problem Report Search application.

Chassis Clustering

  • With the restart-chassis control command on SRX4200, SRX4700, and SRX5000 line of devices, the BFD ICL will flap. PR1789245

Flow-Based and Packet-Based Processing

  • On Junos OS SRX Series Firewalls running as an L3 VNI gateway in an EVPN-VXLAN scenario, traffic drops are observed if traffic passes through two VXLAN tunnels. The traffic fails to cross the two VXLAN tunnels when the Packet Forwarding Engine is processing a packet that has the same remote IPs for the two VXLAN tunnels. PR1847419

General Routing

  • Additional logging has been added to the primary Routing Engine. This helps narrow down the issue in which the chassisd process restarted unexpectedly at the snmp_init_oids() function on the primary Routing Engine while booting up. PR1787608

  • On all Junos and Junos Evolved platforms, a repd core is observed during ISSU. PR1797189

  • On SRX4100 and SRX4200 devices, starting and stopping the monitor traffic interface causes the VPN tunnel or tagged traffic to be dropped. However, keeping the monitor traffic interface running ensures that traffic functions properly. The issue occurs when the monitor interface command is run on an interface of a device that has vlan-tagging configured. PR1808353

  • On SRX5600 and vSRX3.0, while upgrading from Junos OS release to 22.4R3-S1 or 22.4R3-S2, the upgrade process can fail because the rpd process stops as part of the validation process. This is seen if the router configuration has Multicast, IGMP, or BBE configuration. PR1810817

  • MACSec is supported in routing mode but not in transparent mode. PR1812427

  • On SRX1500 devices, large IP packets of size 1470 bytes or larger might be dropped when using ethernet-switching and trunk ports. PR1813536

  • On vSRX3.0 platforms with SWRSS L2HA configured, traffic loss for RTO traffic might be observed, and on the secondary node sessions are not cleared and reach the maximum limit of 12M. The issue happens when RTO traffic is not evenly distributed to all flow threads over the fabric interface. PR1819911

  • Use the -O option on remote host while initiating scp file transfer or enable sftp-server. PR1827152

  • If the IDP security-package is installed multiple times, the sigpack installation fails because the AppID memory allocation fails. PR1832094

  • On SRX300 line of devices configured with custom applications and a signature package already installed, installing a new sigpack might result in the failure to recompile the custom applications, causing detection failures. During Layer 4 to Layer 7 traffic processing, custom applications might be incorrectly marked as INCONCLUSIVE, impacting application detection. PR1833667

  • Link aggregation on SRX1600 does come up with flexible vlan tagging enabled on aggregated port. PR1838033

  • In the MIPS and FIPS mode, the kernel panics while switching floating point state, reboots, and generates a vmcore file. PR1838923

  • On SRX1600, with MVRP enabled, VLAN learning and assignment do not happen. PR1839275

  • A core file is generated due to memory corruption when sigpack install is pushed from Routing Engine to Packet Forwarding Engine. PR1841520

  • When upgrading to Junos OS release 23.4R1 and above, unnecessary trace log files related to licenses are generated. PR1845079

  • Added missing syslog messages for SCEP and CMPv2 certificate enrollment failure. PR1845573

  • On SRX380 devices in packet mode, when VLAN-VPLS encapsulation is configured on an ingress interface of the PE device, the incoming packets are dropped because they are identified as L2 unknown unicast packets. PR1845997

  • On SRX300 line of devices configured with native-vlan-id, after upgrading the device to Junos OS release 23.4R1 or higher, the native-vlan-id option is missing under the interface hierarchy. This leads to a syntax error, stopping users from setting the native-vlan-id. PR1847366

Network Address Translation (NAT)

  • New RSI CLI command request support information security-components nat. PR1825372

Platform and Infrastructure

  • On SRX5000 line of devices, if vmcore is initiated for an XLP PIC, the vmcore process stops. PR1811765

  • On SRX300 line of devices, when TACACS accounting is configured, after an upgrade to Junos OS release 23.4R2-S2.1, the DHCP-relay might not work anymore and the shm-rtsdbd process might generate core files. PR1843935

  • An authentication bypass by spoofing vulnerability in the RADIUS protocol allows an on-path attacker between a RADIUS server and a RADIUS client to bypass authentication when RADIUS authentication is in use. PR1850776

Services Applications

  • On SRX5000 line of devices with an HA cluster in FIPS mode, repeated manual failovers of redundancy groups can result in the SPC3 or IOC4 card, or both cards, going offline. PR1797468

User Interface and Configuration

  • XML namespace string in rpc-reply tag for system-uptime-information was changed to represent the full version name. PR1842868

VPNs

  • MNHA Conn State and ICL are down after the device has been up for 48+ hours with background traffic, due to BFD flaps at regular intervals. PR1822662

  • After a primary node reboot followed by back-to-back failovers, synchronization of the VPN sequence number through RTO packets between the primary node and secondary node stops for a few minutes after the secondary node moves from secondary-hold state to secondary state. If any failover occurs during this period, traffic loss occurs until the IPsec sequence number on the newer primary node catches up with the sequence number sent by the previous primary node. PR1842874

  • With FIPS and the VPN traffic-selector in an SRX Series Firewall HA cluster, when a VPN traffic-selector configuration is committed on the backup HA cluster node, the VPN might not be present in the Packet Forwarding Engine after the configuration. This issue prevents the VPN from initiating an IKE negotiation if the VPN is triggered on-traffic locally and RG1+ is active on a different HA node than RG0. PR1846168