Search our Knowledge Base sites to find answers to your questions.
Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles16.1R7-S8: Software Release Notification for JUNOS Software Version 16.1R7-S8
Junos Software service Release version 16.1R7-S8 is now available. JUNOS software version 16.1R7 reaches end of engineering (EOE) on 2020-07-28 and end of support (EOS) on 2021-01-28
Junos Software service Release version 16.1R7-S8 is now available.
PR Number | Synopsis | Category: Mojito PFE |
---|---|---|
1480706 | Junos OS: EX Series, QFX Series, MX Series, SRX Branch Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps (CVE-2021-0215) Product-Group=junos |
On Juniper Networks Junos EX series, QFX Series, MX Series, and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. Refer to https://kb.juniper.net/JSA11105 for more information. |
PR Number | Synopsis | Category: All issues related to QFX PFE CoS |
1510365 | Traffic might be forwarded to the incorrect queue when a fixed classifier is used. Product-Group=junos |
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact. |
PR Number | Synopsis | Category: PFE L2 |
1491669 | Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured (CVE-2021-0203) Product-Group=junos |
On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Refer to https://kb.juniper.net/JSA11093 for more information. |
PR Number | Synopsis | Category: Border Gateway Protocol |
1497721 | Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash. Product-Group=junos |
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information. |
PR Number | Synopsis | Category: functionality related to Broadband Remote Access Server |
1502274 | MX Series platforms are not compliant with RFC 2868 and sending RADIUS access request includes tunnel assignment ID for LTS client. Product-Group=junos |
In LTS (L2TP Tunnel Switch) scenario when the MX sending the access-request to the RADIUS (Remote Access Dial-In User Service) for the LTS client, it incorrectly includes the Tunnel-Assignment-ID which is not compliant with RFC 2868. It results in the RADIUS reject the access-request and the LTS client authentification fails. |
PR Number | Synopsis | Category: MX Platform SW - Environment Monitoring |
1395539 | The minor alarm of "Bottom Fan Tray Pred Fail" might be wrongly raised when the fan speed is at high speed on MX960 Product-Group=junos |
On the MX960 a check of the "actual" fan speed is compared to the "set" fan speed. If the difference between the actual fan speed and the set fan speed is greater than 20% the system uses this to predict that the fan might be about to fail. When the fans are set to run in high speed mode, some deviation from the set fan speed is expected to occur with the fans and it is expected to sometimes see a deviation greater than 20%. Going forward this 20% tolerance check will be disabled while running in high speed mode. |
PR Number | Synopsis | Category: PTX Chassis Manager |
1380056 | Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exeeding 100 percent of power budget Product-Group=junos |
Starting in Junos OS Release with this change, PTX Series Routers do not raise a chassis alarm in the following events; instead, it registers a system log. |
PR Number | Synopsis | Category: Tracking sw issues related to Channelized 4xOC3/1xOC-12 Mic |
1396538 | On MX Series platforms, if the channelized OC MIC (such as, 1xCOC12/4xCOC3 CH-CE) is used, the MPC/AFEB/TFEB (Forwarding Engine Board) might crash, generating core files. This is not easily reproducible. The traffic through the MIC might be impacted. Product-Group=junos |
On MX Series platforms, if channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with core files generated. This is not easily reproducible. The traffic through the MIC would be impacted. |
1420983 | The FPC CPU might be hogged if channelized interfaces are configured Product-Group=junos |
On MX Series platform, with 1xCOC12 or 4XCOC3 used, if channelized interfaces are configured, FPC CPU overuse might be seen. |
PR Number | Synopsis | Category: OpenSSL and related subsystems |
1479780 | OpenSSL Security Advisory [20 Dec 2019] Product-Group=junos |
The OpenSSL project has published a security advisory for a vulnerability resolved in the OpenSSL library on December 20, 2019. Refer to https://kb.juniper.net/JSA11025 for more information. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1350192 | The link-degrade-monitor configuration might cause the commit sync failure on backup RE Product-Group=junos |
On Junos platform along with redundant Routing Engine, if both link-degrade-monitor and any other configurations are configured on a port, commit synchronize might fail on the backup RE. If this occurs, the configuration might be lost after switchover and thus it might cause traffic loss. |
PR Number | Synopsis | Category: Express PFE CoS Features |
1347805 | QFX10000 platforms might encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". Product-Group=junos |
QFX10000 platforms may encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". This error is incorrectly categorized as 'Major' and it can be safely ignored unless it is encountered with high frequency. Future Junos releases will recategorize this message to "Info" severity. |
PR Number | Synopsis | Category: Express PFE Services including JTI, TOE, HostPath, Jflow |
1431498 | IPFIX Flow timestamp is not matching with NTP synchronized system time Product-Group=junos |
The timestamp reported for packet arrival in NetFlow records will report inaccurate time due to the synchronization issue with NTP. |
PR Number | Synopsis | Category: gladiator fabric |
1283553 | The PTX SPMB might crash after the FPC replacement followed by a SIB restart Product-Group=junos |
Due to a bug in microkernel of Switch Processor Mezzanine Board (SPMB) in PTX Control Board, the SPMB might crash after the FPC replacement followed by a Switch Interface Board (SIB) restart. The crash could cause all SIBs restart, which in turn could result in outage or traffic black hole. |
PR Number | Synopsis | Category: PRs for AE/AS/Container on the kernel side |
1474300 | A newly added LAG member interface might forward traffic even though its micro BFD session is down. Product-Group=junos |
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue. |
PR Number | Synopsis | Category: jdhcpd daemon |
1432162 | The jdhcpd memory leak might happen on MX5, MX10, MX40, MX80, and MX104 when testing DHCP subscribers log-in/out. Product-Group=junos |
On MX5/MX10/MX40/MX80/MX104 Series platforms with DHCP server configuration for DHCP subscribers, the jdhcpd memory leak might happen and the memory increase by 15MB which depends on the number of subscribers when testing the DHCP subscribers log-in/out. |
PR Number | Synopsis | Category: slt security platform jweb support |
1499280 | Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services is observed. Product-Group=junos |
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1498040 | VPNs The l2circuit neighbor might be stuck in RD state at one end of the MC-LAG peer. Product-Group=junos |
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor/backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor/backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down) state due to race condition between VC (virtual circuit) state update timer and L2ckt intf state change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up. |
PR Number | Synopsis | Category: Label Distribution Protocol |
1436119 | Traffic loss might be seen after the LDP session flaps rapidly. Product-Group=junos |
On MX/PTX platforms under BGP scenario with LDP is enabled, if the knob "ecmp-fast-reroute"/"protect core" is configured, after the LDP session rapidly flaps and converges without any label change, traffic loss might be seen. |
PR Number | Synopsis | Category: Port-based link layer security services and protocols that a |
1503010 | The replay protection window size is wrongly set if replay-protect for MACsec is enabled with replay-window-size value set to zero Product-Group=junos |
If replay-protect for MACsec is enabled with replay-window-size value set to zero, the size of the replay protection window is wrongly set to max window size. |
PR Number | Synopsis | Category: Bugs related to ethernet interface on MX platform |
1367224 | I2C error logs are seen when configuring wavelength on tunable SFP+. Product-Group=junos |
I2C error logs are seen when configuring wavelength on tunable SFP+ |
PR Number | Synopsis | Category: MX104 Software - Chassis Daemon |
1279339 | On MX104 platform with GRES enabled, the chassis network-services might not get set as "Enhanced-IP" Product-Group=junos |
On MX104 platform with graceful routing engine switchover (GRES) enabled. The chassis network-services might not get set as "Enhanced-IP" though it is specifically configured. "Disable GRES, then config enhanced-ip" is a workaround for this issue. |
PR Number | Synopsis | Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure |
1287956 | Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis. Product-Group=junos |
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assert condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid. |
PR Number | Synopsis | Category: Kernel-only Base FreeBSD Infrastructure |
1453683 | FreeBSD-SA-19:20.bsnmp : Insufficient message length validation in bsnmp library (CVE-2019-5610) Product-Group=junos |
The bsnmp software library is a SNMP (Simple Network Management Protocol) implementation included with Juniper Networks Junos OS for the snmpd process. A programming error allows a remote user to read unrelated data or trigger a snmpd process crash. Refer to https://kb.juniper.net/JSA11047 for more information. |
PR Number | Synopsis | Category: Category for ifstate infrastructure issues |
1486161 | Kernel core might be seen if deleting an ifstate Product-Group=junos |
On all Junos OS platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change. |
PR Number | Synopsis | Category: Kernel MPLS / Tag / P2MP Infrastructure |
1493053 | The backup RE may crash if an indirect next-hop is sent by the master RE without associated sgid. Product-Group=junos |
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network. |
PR Number | Synopsis | Category: JUNOS Network App Infrastructure (for ping, traceroute, etc) |
1502386 | Arbitrary code execution vulnerability in telnet server (CVE-2020-10188). Product-Group=junos |
A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Refer to https://kb.juniper.net/JSA11057 for more information. |
PR Number | Synopsis | Category: This PR category is for tracking only TCP/UDPtransport layer |
1449664 | FPC might reboot with vmcore due to memory leak. Product-Group=junos |
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files. |
PR Number | Synopsis | Category: Kernel Tunnel Interface Infrastructure |
1470667 | The GRE tunnel might go down in the scenario with IPv4 and IPv6 IPsec service configured Product-Group=junos |
On all Junos platforms running with Generic Routing Encapsulation (GRE) tunnel, if there is also IPv4 and IPv6 IP security (IPsec) service configured, in a corner case, IPsec deferred packet queuing might cause a deferred packet (e.g. a deferred IPv6 packet) to be sent over the same GRE logical interface on which a different packet (e.g. an IPv4 packet) is already being processed, the GRE tunnel might go down due to GRE interface loop detection. This is a timing issue. |
PR Number | Synopsis | Category: OSPF routing protocol |
1385014 | The rpd process crashes when executing specific show ospf interface commands from the CLI with the configured OSPF authentication. Product-Group=junos |
Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Refer to https://kb.juniper.net/JSA11030 for more information. |
PR Number | Synopsis | Category: Express Paradise PFE L3 Features |
1251154 | An FPC major alarm might be seen with error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error" Product-Group=junos |
On PTX platforms with FPC3, PTX1000 with build-in chassis and QFX10000 platforms, a Flexible PIC Concentrator (FPC) major alarm might be seen if the system detects parity error, and the error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error" might appear. The alarm might be cleared without intervention. This error may also be accompanied by traffic loss. |
PR Number | Synopsis | Category: Path computation client daemon |
1472825 | Manually configured ERO on NS controller lost when PCEP session bounced Product-Group=junos |
On all Junos platform with Path Computation Element Protocol (PCEP) enabled, if PCEP session bounced druing Routing Engine (RE) switchover on a LSP ingress router, unexpacted delete message might be sent from Path Computation Client (PCC) to Path Computation Element (PCE) with North Star (NS) controller. In the end, manually configured explicit route object (ERO) for RSVP-TE based label switched path (LSP) on NS controller will be lost. However, traffic go through ERO set on NS controller is still normal. |
PR Number | Synopsis | Category: PTX5KBroadway based PFE IPv4, IPv6 software |
1479789 | Multicast routes add or delete events might cause adjacency and LSPs to go down. Product-Group=junos |
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM/MVPN scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747] |
PR Number | Synopsis | Category: Periodic Packet Management Daemon |
1448670 | The connection between ppmd (Routing Engine) and ppman (FPC) might get lost due to session time out. Product-Group=junos |
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD. |
PR Number | Synopsis | Category: Issues related to Junos SNMP Infrastructure (snmpd, mib2d) |
1364001 | SNMP process crashes during polling CFM stats Product-Group=junos |
During polling Ethernet Connectivity Fault Management protocols stats SNMP process may crash |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1405917 | The FPC crash might be observed in MS-MPC HA environment Product-Group=junos |
On MX Series platform with MS-MPC card used, in race condition, if the MS-MPC is used on HA (High Availability) scenario ( the 'set interfaces ms-x/x/x redundancy-options redundancy-peer/redundancy-local' knob and GRES is configured), the FPC might crash due to the bus error (segmentation fault). The reason is that two CPUs simultaneously access the same session-extension memory in the session structure, one for writing, the other for reading. A reading CPU gets an incorrect value and uses that as the memory address. This causes the bus error (segmentation fault). |
1441517 | Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration. (CVE-2020-1680) Product-Group=junos |
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. Refer to https://kb.juniper.net/JSA11077 for more information. |
1489942 | Prolonged flow control might occur with MS-MPC or MS-MIC. Product-Group=junos |
On MX platforms with MS-MPC/MS-MIC, datapath is getting blocked due to incorrect handling of fragment packets with payload size 0. When the datapath is blocked for more than 5 seconds, it is identified as Prolonged flow control, and the pic is rebooted. Core dump is generated if dump-on-flow-control is enabled. |
PR Number | Synopsis | Category: platform related PRs on SRX branch platforms |
1289649 | Junos OS: SRX and NFX Series: Insufficient Web API private key protection (CVE-2020-1688) Product-Group=junos |
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. Refer to https://kb.juniper.net/JSA11085 for more information. |
PR Number | Synopsis | Category: Issues related to mgd, DAX API, DDL/ODL infrastructure, Juno |
1423500 | Configuration commit might fail when the file system gets into full state. Product-Group=junos |
On all platforms running Junos OS, when the file system gets into the Full state and there is not enough spare disk space, it might get into a problematic system condition while committing the configuration. After that, if the consecutive commits are still done in such a problematic condition, commit-check failure logs might be seen eventually. Due to this issue, some processes might not run even if the configuration is present. |
PR Number | Synopsis | Category: ESWD |
---|---|---|
1192520 | GARPs are being sent from the switch once in every 10 minutes. Product-Group=junos |
GARPs were being sent whenever there was a MAC (fdb) operation (add or delete). This is now updated to send GARP when the interface is up and l3 interface attached to the VLAN. |
PR Number | Synopsis | Category: All issues related to L3 data-plane/forwarding |
1443507 | IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present. Product-Group=junos |
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly. |
PR Number | Synopsis | Category: agentd software daemon |
1248813 | "telemetry_start_polling_fd: evSelectFD failed, errno: 9" messages are continuously seen in the log Product-Group=junos |
The error messages "Telemetry_start_polling_fd: evSelectFD failed, errno: 9" are continuously seen in logs. These are cosmetic logs and harmless. As a workaround, configure "set system processes SDN-Telemetry disable" and "deactivate groups junos-defaults routing-options enable-sensors" if telemetry is indeed not needed/configured to prevent the issue of error logs. |
PR Number | Synopsis | Category: PRs related to Aloha SW |
1454595 | The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG. Product-Group=junos |
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered. |
PR Number | Synopsis | Category: Border Gateway Protocol |
600308 | JUNOS BGP Established state is not shown in "show bgp summary" if only master routing instance is present Product-Group=junos |
When only the default routing-instance is present, the command "show bgp summary" does not show the BGP ESTABLISH state. If the BGP state is not an ESTABLISHED state, then it shows the state as design (that is, Active, Idle, Connect). If there is a routing-instance configured (apart from master routing-instance inet.0), the BGP ESTABLISH state is shown properly. The issue happens for IPv4 BGP sessions only; on IPv6 all the BGP states are seen as default. |
1403186 | All the BGP session flap after RE switchover Product-Group=junos |
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover. |
1447601 | On the MX2000 and PTX10000 lines of devices , Layer 3 VPN PE-CE link protection exhibits unexpected behavior. Product-Group=junos |
In L3VPN PE-CE link protection scenario with MX2K/PTX10K platforms, the external and internal BGP (EIBGP) multipath route might be advertised with an unexpected VPN label if IBGP backup path is present. When the backup IBGP path goes away, it will get the correct VPN label like other routes. |
1487486 | The rpd might crash with BGP RPKI enabled in a race condition Product-Group=junos |
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash. |
1517498 | The rpd might crash after deleting and re-adding a BGP neighbor. Product-Group=junos |
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue. |
1523075 | The BGP session with VRRP virtual address might not come up after a flap. Product-Group=junos |
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively. |
PR Number | Synopsis | Category: Cassis pfe microcode software |
1298161 | In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. Product-Group=junos |
In some MX Series deployments running Junos OS, random syslog messages are observed for FPC cards: "fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left". These messages are not an issue and might not have a service impact. These messages will addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored. |
1303489 | The following error message is observed: DROP protect_regs error (status=0x8). Product-Group=junos |
Due to parity error in queue memory a major alarm and following messages are generated: messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8). - This message with status 0x8 has no service impact. - PR/1481558 has perform software changes and move the severity from Major to Minor. - FPC restart is needed to clear off this alarm, otherwise this error message will be generated every 60 seconds. |
1380566 | FPC Errors might be seen in subscriber scenario Product-Group=junos |
In subscriber scenario, if the"service-accounting-deferred" is configured on dynamic-profile, and there is multicast to a large number of destinations on the same physical port, the FPC Errors might be seen. |
PR Number | Synopsis | Category: Enhanced Broadband Edge support for cos |
1407480 | FPC may crash shortly after XQ chip memory read failure Product-Group=junos |
In a rare scenario XQ based FPC may reset shortly after it encounters XQ chip memory read failure. |
PR Number | Synopsis | Category: QFX Access Control related |
1515972 | "dot1x" memory leak Product-Group=junos |
Memory leak is seen in 'dot1xd' daemon when no 'dot1x' is configured. Memory leak is seen for the allocation while creating socket from 'dot1xd' daemon to 'authd' daemon. If 'authd' is not running , 'dot1xd' daemon tries to connect to 'authd' periodically and every time it was allocating memory for string "/var/run/authd_control" for socket creation. The memory does not free in this scenario and we see memory leak for string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x. |
PR Number | Synopsis | Category: OpenSSH and related subsystems |
1508253 | Junos OS: SRX Series: Integrated User Firewall OpenLDAP vulnerability resolved (CVE-2019-13565) Product-Group=junos |
A vulnerability that allows an unauthenticated remote attacker to obtain access that would otherwise be denied in the Simple Authentication and Security Layer (SASL) implementation that is part of the OpenLDAP third party software package has been resolved in Juniper Networks SRX Series configured with Integrated User Firewall. Refer to https://kb.juniper.net/JSA11088 for more information. |
PR Number | Synopsis | Category: Device Configuration Daemon |
1519334 | Buffer overflow vulnerability in a device control daemon is observed. Product-Group=junos |
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information. |
PR Number | Synopsis | Category: This is for all defects raised against dns-proxy feature |
1168322 | Junos OS: SRX Branch Series and vSRX Series: Multiple vulnerabilities in ISC BIND named. (CVE-2016-1285, CVE-2016-1286) Product-Group=junos |
ISC BIND software included with Junos OS on SRX Branch Series and vSRX devices has been upgraded to resolve multiple vulnerabilities. These issues are only applicable to SRX Branch Series and vSRX Series with DNS Proxy server enabled. Refer to https://kb.juniper.net/JSA10994 for more information. |
PR Number | Synopsis | Category: JUNOS Dynamic Profile Configuration Infrastructure |
1258744 | The device control process (dcd) crashes during the ATM-related configuration commit. Product-Group=junos |
In a subscriber service environment, the device control process (dcd) might restart unexpectedly during commit process after changes to ATM interface configuration. |
PR Number | Synopsis | Category: Inline Jflow PRs for defect & enhancement requests |
1362887 | The inline J-Flow sampling configuration might cause FPC crash on MX Series platforms. Product-Group=junos |
On MX-series platforms, if the inline-jflow "nexthop-learning" knob is configured, when the sampling removes one next-hop, the FPC might crash. It is not easily reproducible and it is a rare issue. |
PR Number | Synopsis | Category: PRs for AE/AS/Container on the kernel side |
1346949 | After an FPC becomes online or child interface added to ae bundle in config, traffic loss might be experienced for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue. Product-Group=junos |
On the Trio-based platform with "enhanced-ip" enabled which is enabled by default on MX80, MX104, MX 2010, MX2020, and MX10003, if the aggregate interface is initialized before the child interface is marked as part of the aggregate after FPC becomes online or child interface added to ae bundle in config, the traffic goes out from the ae interface might lose for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue. |
1425211 | Interface with FEC disabled might flap after Routing Engine mastership switchover. Product-Group=junos |
By default, RS-FEC (Reed-Solomon Forward Error Correction) is enabled for 100G SR4/PSM4 optics and disabled for 100G LR4 optics. The "set interfaces xx gigether-options fec" knob was introduced in Junos OS Release 16.1R1, it can be used to override the default behavior and explicitly enable/disable FEC for a 100G interface. In GRES scenario, when a 100G interface with SR4/PSM4 optics (e.g. QSFP-100GBASE-SR4/QSFP-100G-PSM4) is a member of an AE interface, and FEC is disabled on AE (knob "gigether-options fec none" is configured), the interface might flap during RE mastership switchover. After that, the interface will come up itself and this issue will recover automatically. |
PR Number | Synopsis | Category: jpppd daemon |
1350563 | Spontaneous jpppd generates core files on the backup Routing Engine in a longevity test at ../../../../../../src/junos/usr.sbin/jpppd/pppMain.cc:400. Product-Group=junos |
In L2TP scenario when MX router functions as LTS (L2TP Tunnel Switch), there is a memory leak in jpppd process running on the backup RE, which will eventually lead to jpppd core dump due to out of memory condition. There is no functional impact as it happens on the backup RE. |
PR Number | Synopsis | Category: IPSEC/IKE VPN |
977435 | Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denial of Service. (CVE-2020-1657) Product-Group=junos |
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel; Refer to https://kb.juniper.net/JSA11050 for more information. |
PR Number | Synopsis | Category: slt security platform jweb support |
1518212 | Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session (CVE-2021-0210) Product-Group=junos |
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. Please refer to https://kb.juniper.net/JSA11100 for more information. |
PR Number | Synopsis | Category: Layer 2 Circuit issues |
1512834 | The rpd might crash when deleting l2circuit configuration in a specific sequence. Product-Group=junos |
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change. |
PR Number | Synopsis | Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS) |
1255542 | General Routing Load balancing is uneven across aggregated Ethernet member links when the aggregated Ethernet bundle is part of an ECMP path. The aggregated Ethernet member links must span the Virtual Chassis members. Product-Group=junos |
Load balancing is uneven across Aggregated Ethernet (AE) member links when the AE bundle is part of an equal cost multipath (ECMP). The AE member links need to span Virtual Chassis members. |
PR Number | Synopsis | Category: Multiprotocol Label Switching |
1467278 | The rpd might crash in PCEP for the RSVP-TE scenario. Product-Group=junos |
In PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, the two LSPs with the same TE LSP name might be shared between Path Computation Element (PCE) and Path Computation Client (PCC) in some rare cases. Then, if the configuration of LSP is delegated from CLI and externally controlled by PCC at the same time, the rpd might be crashed. |
PR Number | Synopsis | Category: Multi Protocol Label Switch Operations, Admin & Maintenance |
1328058 | JSA10877 2018-10 Security Bulletin: Junos OS: RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043) Product-Group=junos |
The RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043); Refer to https://kb.juniper.net/JSA10877 for more information. |
1399484 | The rpd process might crash when executing "traceroute mpls bgp" Product-Group=junos |
When traceroute is performed to a remote host for an MPLS LSP using the command "traceroute mpls bgp", in very rare cases, it is possible that mplsoam process is holding the stale BGP instance handle in the query to the rpd process to get the information for the Forwarding Equivalence Class (FEC). Hence rpd crash might occur because of the invalid instance and cause traffic impact until rpd comes back up. |
PR Number | Synopsis | Category: MX104 Software - Kernel |
1223979 | On the MX104 router, CPU hog or busy state occurs with the sporadic L2C access error message and false alarms. Product-Group=junos |
In MX104, when RE CPU usage is going high, sporadic I2C error message would be shown up. Since the situation would be temporary, the I2C access may success in next polling and there would be no impact. |
PR Number | Synopsis | Category: Track Mt Rainier RE platform software issues |
1220061 | The routers equipped with NG-REs might raise memory size mismatch alarm after upgrade Product-Group=junos |
MX or PTX series routers equipped with NG-REs might raise memory mismatch alarm which is cosmetic. |
1408480 | The alarm 'Mismatch in total memory detected' is observed after issuing "request reboot vmhost routing-engine both". Product-Group=junos |
Alarm 'Mismatch in total memory detected' is observed after reboot vmhost both. |
1498966 | Downgrade fails on RE-S-X6-64G-LT-S SKU to junos below 17.2R1 Product-Group=junos |
Downgrade to junos version 17.2 below with RE-S-X6-64G-LT-S will fail with below errors > request vmhost software add junos-vmhost-install-mx-x86-64-16.1R7-S6.1-limited.tgz warning: Packages /var/home/remote-su/junos-vmhost-install-mx-x86-64-16.1R7-S6... is not limited edition and can not be loaded on this RE, please try the supported version |
PR Number | Synopsis | Category: Category for ifstate infrastructure issues |
1379657 | Protocol adjacency might flap and FPC might reboot if jlock hog happens Product-Group=junos |
On all platforms and in scaling scenario, if doing some operations which causes jlock hog, the protocols adjacency might flap and all the FPCs might reboot. |
PR Number | Synopsis | Category: PRs requiring triage and/or fix in the PFE Peer Infra |
1209308 | Protocol may flap Product-Group=junos |
In some rare scenarios, TCP keepalive may timeout on the local sockets between the master Routing Engine and the FPCs. The problem caused by a delay in packet processing on em0 interface, or delay in processing keepalive packets during network instability events. The results are protocol flap events. |
PR Number | Synopsis | Category: This PR category is for tracking only TCP/UDPtransport layer |
1370803 | Junos TCP application might be affected if zero window condition persists Product-Group=junos |
In some scenarios, Zero Window Attack flag not being correctly handled in JUNOS, causing BGP sessions to flap. The BGP TCP session should never be RST in scenarios where Zero Window Condition persists. |
1394370 | The command "commit synchronize" might fail because several internal connections are stuck Product-Group=junos |
Command "commit synchronize" might fail due to kernel TCP socket stuck, the stuck can also result in login failure to the Backup RE from Master RE or to an FPC. |
PR Number | Synopsis | Category: Path computation client daemon |
1442598 | A few Path Computation Element Protocol (PCEP) logs are marked as error even though they are not an error. The severity of those logs is now marked as INFO. Product-Group=junos |
1. Connection with rpd established! 2. Switched to master mode 3. received SIGHUP, handle configuration 4. Switched to slave 5. PCCD mastership is: %d 6. Delegation retry timedout: LSP id: %d with PCE: %s 7. Connection with pce %s (%s:%u) successful 8. Connection to pce %s (%s:%u) failed 9. PCCD received message '%s' from libpcep 10. PCClose received from PCE. Switching to new main PCE 11. No protocol trace configuration found 12. Could not get pce-group id from pce |
PR Number | Synopsis | Category: PTX5KBroadway based PFE IPv4, IPv6 software |
1254415 | On the PTX Platform with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. Product-Group=junos |
On the PTX Platform with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts. |
PR Number | Synopsis | Category: Periodic Packet Management Daemon |
1003991 | FPC packet buffer memory leak due to continuous delegated BFD session flapping Product-Group=junos |
|
PR Number | Synopsis | Category: Routing Information Protocol |
1508814 | The rpd crash might occur due to RIP updates being sent on an interface in the down state. Product-Group=junos |
When RIP with p2mp (point-to-multiple) is configured on an interface in down state, in a very corner case, routing daemon might crash while sending RIP updates to an interface which is already down. |
PR Number | Synopsis | Category: RPD Next-hop issues including indirect, CNH, and MCNH |
1276044 | Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured Product-Group=junos |
Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured and that LSP is not available |
1370174 | The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured. Product-Group=junos |
With interface-based Dynamic GRE Tunnel configured, there might be 2 next-hops for a single dynamic GRE tunnel when a new route is resolved over the dynamic tunnel after RE switchover is performed or the rpd is restarted. Subsequent withdrawal of the routes over that tunnel or master Routing Engine restarting will cause the rpd crash. This issue is introduced in PR 1202926 (which is fixed in 15.1F7 16.1R4 16.2R1-S6 16.2R1-S6-J1 16.2R2 17.1R2-S7 17.1R2-S8 17.1R3 17.2R1). |
1534455 | Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd. Product-Group=junos |
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel. |
PR Number | Synopsis | Category: RPD route tables, resolver, routing instances, static routes |
1457955 | An aggregate route with BGP contributing routes may flap in some scenarios as expected Product-Group=junos |
Aggregate route with BGP contributing routes may flap in some scenarios as expected. The reasons is, by default, aggregate route carries some BGP attributes like AS-PATH, originator, cluster. Aggregate route inherits those attributes from active contributing routes. If one or few contributing routes adding/deleting/changing happens, while other contributing routes are still stable, aggregate route may refresh since its attributes got changed. If this aggregate route is exported into BGP, a BGP update will be sent to downstream router with updated attributes, causing a service impact. Reference page: https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-aggregate-routes.html |
PR Number | Synopsis | Category: show route table commands, tracing, and syslog facilities an |
1198032 | 'show configuration routing-options flow' should disply then action statements followed by the match conditions Product-Group=junos |
The sequence of statements in the output of show configuration routing-options flow operational command has changed to improve readability. The then statements are now displayed after the match conditions in a logical sequence. |
PR Number | Synopsis | Category: Resource Reservation Protocol |
1493718 | JSA11098 Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet. (CVE-2021-0208) Product-Group=junos |
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11098 for further information. |
PR Number | Synopsis | Category: Non sparks issues in jflow/monitoring services |
1284918 | The sampled route reflector process (srrd) might crash in the large routes churn situation. Product-Group=junos |
When the FPCs are busy in high churn scenarios, because the srrd thread in the Packet Forwarding Engine has low priority, CPR resources are insufficient to process the messages sent by srrd process. Due to this, the queue for these busy FPCs are piling in srrd and eventually leading to crash. Refer to the description for the details. |
PR Number | Synopsis | Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP) |
1415119 | Only 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis Product-Group=junos |
On MX2020 platform, at most 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis. |
1453811 | Delay in freeing processed defragment buffers lead to prolonged flow control and might crash. Product-Group=junos |
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information. |
PR Number | Synopsis | Category: PRs for SFW, CGNAT on MS-MIC/MS-MPC (XLP) |
1335956 | In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped. Product-Group=junos |
In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped. |
PR Number | Synopsis | Category: Stout cards (MPC7, MPC8, MPC9, SFB2, MRATE & 8x100 MICs) |
1354070 | The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD Product-Group=junos |
The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD |
PR Number | Synopsis | Category: Interface Issues seen on Stout cards (MPC7, MPC8, MPC9) |
1441816 | Egress stream flush failure and traffic black hole might occur. Product-Group=junos |
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003. |
PR Number | Synopsis | Category: Trinity LU, IX, QX, MQ chip drivers, ucode & related SW |
1059137 | An enhancement for reporting CM-ERRORs when memory parity errors occur within MPC pre-classifier engines Product-Group=junos |
On MX Series routers, parity memory errors might occur in pre-classifier engines within an MPC. Packets are silently discarded because such errors are not reported and hence harder to diagnose. CM errors such as syslog messages and alarms should be raised when parity memory errors occur. |
PR Number | Synopsis | Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch |
1308000 | Enhanced Subscriber Management: Targetting for subscribers terminated in non-default routing-intance is supported from 17.3R2 Product-Group=junos |
Enhanced Subscriber Management: For subscribers terminated in routing-instance, targeting will be supported from 17.3R2 onwards. With current code subscribers may come up but traffic towards subscriber may be dropped at MX as it is not support in current release. |
1401808 | FPC core files due to a corner case scenario (race condition between RPF, IP flow). Product-Group=junos |
In a subscriber management deployment where the Reverse-Path-Forwarding (RPF) check and MAC check is enabled, a race condition might cause software failure and resulted in a Flexible PIC Concentrator (FPC) to restart. |
PR Number | Synopsis | Category: trinity pfe qos software |
1382288 | One single port with Dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers seen now. Product-Group=junos |
One single port with dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers are seen. |
1418602 | FPC log messages: "Q index(xxxxx) is not allocated" Product-Group=junos |
The cause of the messages is a race condition. For each IFL, IFLSET or IFD object, HALP statistics module reads stats values from hardware for the individual queues. HALP stats module is implemented as a separate stats thread and while stats thread is waiting, PFEMAN thread may assign different queues to the IFL/IFLSET/IFD object. After stats thread gets CPU back, before reading HW for the next queue, stats thread needs to validate that queue is still applicable, which fails if we see the message. The messages are harmless and can be ignored. |
PR Number | Synopsis | Category: Interface based services (map-e, 6rd, ip-reassembly) on TRIO |
1465490 | On MPC7, MPC8, and MPC9, WO packet error and FPC major alarm are observed when reassembling the small fragments. Product-Group=junos |
When a device is running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, and GRE, the Packet Forwarding Engine is disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information. |
PR Number | Synopsis | Category: trinity pfe l3 forwarding issues |
1474154 | Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655) Product-Group=junos |
When a device is running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by MAP-E, the Packet Forwarding Engine is disabled upon receipt of large packets requiring fragmentation. Refer to https://kb.juniper.net/JSA11041 for more information. |
PR Number | Synopsis | Category: DDos Support on MX PR category |
1377899 | Junos OS: MX series/EX9200 Series: IPv6 DDoS protection does not work as expected. (CVE-2020-1665) Product-Group=junos |
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. Refer to https://kb.juniper.net/JSA11062 for more information. |
PR Number | Synopsis | Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacpl |
1233649 | additional fix for timing issue that can cause auditd core Product-Group=junos |
additional fix for timing issue that can cause auditd core, covered several corner cases to prevent core related to PR1191527 |
PR Number | Synopsis | Category: Issues related to configuration management, ffp, load action |
1267433 | The commitd process might generate a core file when removal of certain configuration is followed by a commit operation. Product-Group=junos |
Core file is generated by commitd when deletion for a certain configuration is committed. Configuration is properly changed after commit even though core file remains. |
PR Number | Synopsis | Category: Virtual Private LAN Services |
1295664 | Layer 2 Features LSI interface might not be created, causing remote MACs not to be learned and display of the following error log: RPD_KRT_Q_RETRIES: ifl iff add: Device busy". Product-Group=junos |
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages |
PR Number | Synopsis | Category: Virtual Router Redundancy Protocol |
1305327 | VRRP could not support IFLs using the same group ID in VRRP delegated-process mode Product-Group=junos |
If one IFL changes VR (virtual-router) state from Master to Backup, traffic might black-holed for other IFLs which shares the same group ID on an IFD. |
Getting Up and Running with Junos
Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search