Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

16.1R7-S8: Software Release Notification for JUNOS Software Version 16.1R7-S8

0

0

Article ID: TSB17820 TECHNICAL_BULLETINS Last Updated: 29 Mar 2021Version: 3.0
Alert Type:
SRN - Software Release Notification
Product Affected:
ACX, EX, T, TX, PTX, MX, QFX5100, VMX, VRR, Network Agent
Alert Description:
Junos Software Service Release version 16.1R7-S8 is now available for download from the Junos software download site
Download Junos Software Service Release:
  1. Go to Junos Platforms - Download Software page
  2. Input your product in the "Find a Product" search box
  3. From the Type/OS drop-down menu, select Junos SR
  4. From the Version drop-down menu, select your version
  5. Click the Software tab
  6. Select the Install Package as need and follow the prompts
Solution:

Junos Software service Release version 16.1R7-S8 is now available. JUNOS software version 16.1R7 reaches end of engineering (EOE) on 2020-07-28 and end of support (EOS) on 2021-01-28
 

Junos Software service Release version 16.1R7-S8 is now available.

16.1R7-S8 - List of Fixed issues

PR Number Synopsis Category: Mojito PFE
1480706 Junos OS: EX Series, QFX Series, MX Series, SRX Branch Series: Memory leak in packet forwarding engine due to 802.1X authenticator port interface flaps (CVE-2021-0215)
Product-Group=junos
On Juniper Networks Junos EX series, QFX Series, MX Series, and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other processes, such as the pfex process, responsible for packet forwarding, to crash and restart. Refer to https://kb.juniper.net/JSA11105 for more information.
PR Number Synopsis Category: All issues related to QFX PFE CoS
1510365 Traffic might be forwarded to the incorrect queue when a fixed classifier is used.
Product-Group=junos
If L2 access or vlan bridge IFL is created after fixed classifier is applied, the traffic matching the fixed classifier might be forwarded in unexpected queue, it might cause congestion unexpectedly hence there is traffic impact.
PR Number Synopsis Category: PFE L2
1491669 Junos OS: EX and QFX5K Series: Storm Control does not work as expected when Redundant Trunk Group is configured (CVE-2021-0203)
Product-Group=junos
On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold condition. Refer to https://kb.juniper.net/JSA11093 for more information.
PR Number Synopsis Category: Border Gateway Protocol
1497721 Receipt of certain genuine BGP packets from any BGP Speaker causes RPD to crash.
Product-Group=junos
An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. Refer to https://kb.juniper.net/JSA11024 for more information.
PR Number Synopsis Category: functionality related to Broadband Remote Access Server
1502274 MX Series platforms are not compliant with RFC 2868 and sending RADIUS access request includes tunnel assignment ID for LTS client.
Product-Group=junos
In LTS (L2TP Tunnel Switch) scenario when the MX sending the access-request to the RADIUS (Remote Access Dial-In User Service) for the LTS client, it incorrectly includes the Tunnel-Assignment-ID which is not compliant with RFC 2868. It results in the RADIUS reject the access-request and the LTS client authentification fails.
PR Number Synopsis Category: MX Platform SW - Environment Monitoring
1395539 The minor alarm of "Bottom Fan Tray Pred Fail" might be wrongly raised when the fan speed is at high speed on MX960
Product-Group=junos
On the MX960 a check of the "actual" fan speed is compared to the "set" fan speed. If the difference between the actual fan speed and the set fan speed is greater than 20% the system uses this to predict that the fan might be about to fail. When the fans are set to run in high speed mode, some deviation from the set fan speed is expected to occur with the fans and it is expected to sometimes see a deviation greater than 20%. Going forward this 20% tolerance check will be disabled while running in high speed mode.
PR Number Synopsis Category: PTX Chassis Manager
1380056 Remove the chassisd alarms for FPCs exceeding 90 percent of power budget and exeeding 100 percent of power budget
Product-Group=junos
Starting in Junos OS Release with this change, PTX Series Routers do not raise a chassis alarm in the following events; instead, it registers a system log.
PR Number Synopsis Category: Tracking sw issues related to Channelized 4xOC3/1xOC-12 Mic
1396538 On MX Series platforms, if the channelized OC MIC (such as, 1xCOC12/4xCOC3 CH-CE) is used, the MPC/AFEB/TFEB (Forwarding Engine Board) might crash, generating core files. This is not easily reproducible. The traffic through the MIC might be impacted.
Product-Group=junos
On MX Series platforms, if channelized OC MIC (such as 1xCOC12/4xCOC3 CH-CE) is used, the MPC card/AFEB/TFEB (Forwarding Engine Board) might crash with core files generated. This is not easily reproducible. The traffic through the MIC would be impacted.
1420983 The FPC CPU might be hogged if channelized interfaces are configured
Product-Group=junos
On MX Series platform, with 1xCOC12 or 4XCOC3 used, if channelized interfaces are configured, FPC CPU overuse might be seen.
PR Number Synopsis Category: OpenSSL and related subsystems
1479780 OpenSSL Security Advisory [20 Dec 2019]
Product-Group=junos
The OpenSSL project has published a security advisory for a vulnerability resolved in the OpenSSL library on December 20, 2019. Refer to https://kb.juniper.net/JSA11025 for more information.
PR Number Synopsis Category: Device Configuration Daemon
1350192 The link-degrade-monitor configuration might cause the commit sync failure on backup RE
Product-Group=junos
On Junos platform along with redundant Routing Engine, if both link-degrade-monitor and any other configurations are configured on a port, commit synchronize might fail on the backup RE. If this occurs, the configuration might be lost after switchover and thus it might cause traffic loss.
PR Number Synopsis Category: Express PFE CoS Features
1347805 QFX10000 platforms might encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba".
Product-Group=junos
QFX10000 platforms may encounter a chassis alarm indicating "FPC 0 Major Errors - PE Error code: 0x2100ba". This error is incorrectly categorized as 'Major' and it can be safely ignored unless it is encountered with high frequency. Future Junos releases will recategorize this message to "Info" severity.
PR Number Synopsis Category: Express PFE Services including JTI, TOE, HostPath, Jflow
1431498 IPFIX Flow timestamp is not matching with NTP synchronized system time
Product-Group=junos
The timestamp reported for packet arrival in NetFlow records will report inaccurate time due to the synchronization issue with NTP.
PR Number Synopsis Category: gladiator fabric
1283553 The PTX SPMB might crash after the FPC replacement followed by a SIB restart
Product-Group=junos
Due to a bug in microkernel of Switch Processor Mezzanine Board (SPMB) in PTX Control Board, the SPMB might crash after the FPC replacement followed by a Switch Interface Board (SIB) restart. The crash could cause all SIBs restart, which in turn could result in outage or traffic null route.
PR Number Synopsis Category: PRs for AE/AS/Container on the kernel side
1474300 A newly added LAG member interface might forward traffic even though its micro BFD session is down.
Product-Group=junos
On all Junos platforms, if a static Link Aggregate Group (LAG) is configured, and Bidirectional Forwarding Detection (BFD) is enabled on the LAG which is also called as micro BFD, a newly added member link might start to forward traffic immediately when the configuration change commits even though its micro BFD session is still down, for example, add a new member interface only on single end, and the remote member interface is disabled or not added. Therefore, traffic loss might be seen due to this issue.
PR Number Synopsis Category: jdhcpd daemon
1432162 The jdhcpd memory leak might happen on MX5, MX10, MX40, MX80, and MX104 when testing DHCP subscribers log-in/out.
Product-Group=junos
On MX5/MX10/MX40/MX80/MX104 Series platforms with DHCP server configuration for DHCP subscribers, the jdhcpd memory leak might happen and the memory increase by 15MB which depends on the number of subscribers when testing the DHCP subscribers log-in/out.
PR Number Synopsis Category: slt security platform jweb support
1499280 Security vulnerability in J-Web and Web-based (HTTP/HTTPS) services is observed.
Product-Group=junos
Junos OS: Security vulnerability in J-Web and web-based (HTTP/HTTPS) services (CVE-2020-1631). Refer to https://kb.juniper.net/JSA11021 for more information.
PR Number Synopsis Category: Layer 2 Circuit issues
1498040 VPNs The l2circuit neighbor might be stuck in RD state at one end of the MC-LAG peer.
Product-Group=junos
In MC-LAG scenario, if the l2circuit is configured with primary-neighbor/backup-neighbor over the MC-LAG link and the l2ckt (l2ciruits control daemon for pseudowire) session of the primary-neighbor/backup-neighbor is flapped continuously (such as clear neighbor ldp and ospf etc), one of the remote neighbors may be stuck in RD (the remote pseudowire neighbor is down) state due to race condition between VC (virtual circuit) state update timer and L2ckt intf state change timer. Then, that pseudowire might be down, the traffic might be impacted if the RD pseudowire is not up.
PR Number Synopsis Category: Label Distribution Protocol
1436119 Traffic loss might be seen after the LDP session flaps rapidly.
Product-Group=junos
On MX/PTX platforms under BGP scenario with LDP is enabled, if the knob "ecmp-fast-reroute"/"protect core" is configured, after the LDP session rapidly flaps and converges without any label change, traffic loss might be seen.
PR Number Synopsis Category: Port-based link layer security services and protocols that a
1503010 The replay protection window size is wrongly set if replay-protect for MACsec is enabled with replay-window-size value set to zero
Product-Group=junos
If replay-protect for MACsec is enabled with replay-window-size value set to zero, the size of the replay protection window is wrongly set to max window size.
PR Number Synopsis Category: Bugs related to ethernet interface on MX platform
1367224 I2C error logs are seen when configuring wavelength on tunable SFP+.
Product-Group=junos
I2C error logs are seen when configuring wavelength on tunable SFP+
PR Number Synopsis Category: MX104 Software - Chassis Daemon
1279339 On MX104 platform with GRES enabled, the chassis network-services might not get set as "Enhanced-IP"
Product-Group=junos
On MX104 platform with graceful routing engine switchover (GRES) enabled. The chassis network-services might not get set as "Enhanced-IP" though it is specifically configured. "Disable GRES, then config enhanced-ip" is a workaround for this issue.
PR Number Synopsis Category: Kernel Composite Next Hop (composite / l3vpn) Infrastructure
1287956 Not following the guideline of rebooting entire chassis after changing chassis network-services configuration can cause vmcore and crash of FPCs/routing-engines on chassis.
Product-Group=junos
When configuration at hierarchy [edit chassis network-services] is changed a reboot of chassis is needed to avoid any unexpected behavior. One such behaviour is an assert condition due to issues in nexthop allocation leading to vmcore and reboot of FPCs/REs on the chassis. This PR introduces changes to handle such assert conditions gracefully and to avoid FPC/RE crash. The guideline of rebooting the entire chassis when configuration change is made is still valid.
PR Number Synopsis Category: Kernel-only Base FreeBSD Infrastructure
1453683 FreeBSD-SA-19:20.bsnmp : Insufficient message length validation in bsnmp library (CVE-2019-5610)
Product-Group=junos
The bsnmp software library is a SNMP (Simple Network Management Protocol) implementation included with Juniper Networks Junos OS for the snmpd process. A programming error allows a remote user to read unrelated data or trigger a snmpd process crash. Refer to https://kb.juniper.net/JSA11047 for more information.
PR Number Synopsis Category: Category for ifstate infrastructure issues
1486161 Kernel core might be seen if deleting an ifstate
Product-Group=junos
On all Junos OS platforms, some operations such as configuration change might cause the state information to change and eventually cause the ifstate to be deleted. In a very rare case, deleting an ifstate (kernel state) might cause kernel core and Routing Engine restart. There is no specific trigger. This issue is reported by the configuration change.
PR Number Synopsis Category: Kernel MPLS / Tag / P2MP Infrastructure
1493053 The backup RE may crash if an indirect next-hop is sent by the master RE without associated sgid.
Product-Group=junos
The backup Routing Engine might crash unexpectedly due to a rare timing issue during a route churn in the network.
PR Number Synopsis Category: JUNOS Network App Infrastructure (for ping, traceroute, etc)
1502386 Arbitrary code execution vulnerability in telnet server (CVE-2020-10188).
Product-Group=junos
A vulnerability in the telnetd Telnet server allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. Refer to https://kb.juniper.net/JSA11057 for more information.
PR Number Synopsis Category: This PR category is for tracking only TCP/UDPtransport layer
1449664 FPC might reboot with vmcore due to memory leak.
Product-Group=junos
On all Junos platforms, if the device is up for a long period (e.g. several weeks or months), there might be a slow memory leak happening in some error scenarios where an application tries to send some data on a stale TCP socket (e.g. short-lived TCP connections used by the mgd process), and this issue might lead to FPC reboot with vmcore files.
PR Number Synopsis Category: Kernel Tunnel Interface Infrastructure
1470667 The GRE tunnel might go down in the scenario with IPv4 and IPv6 IPsec service configured
Product-Group=junos
On all Junos platforms running with Generic Routing Encapsulation (GRE) tunnel, if there is also IPv4 and IPv6 IP security (IPsec) service configured, in a corner case, IPsec deferred packet queuing might cause a deferred packet (e.g. a deferred IPv6 packet) to be sent over the same GRE logical interface on which a different packet (e.g. an IPv4 packet) is already being processed, the GRE tunnel might go down due to GRE interface loop detection. This is a timing issue.
PR Number Synopsis Category: OSPF routing protocol
1385014 The rpd process crashes when executing specific show ospf interface commands from the CLI with the configured OSPF authentication.
Product-Group=junos
Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). By continuously executing the same CLI commands, a local attacker can repeatedly crash the RPD process causing a sustained Denial of Service. Refer to https://kb.juniper.net/JSA11030 for more information.
PR Number Synopsis Category: Express Paradise PFE L3 Features
1251154 An FPC major alarm might be seen with error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error"
Product-Group=junos
On PTX platforms with FPC3, PTX1000 with build-in chassis and QFX10000 platforms, a Flexible PIC Concentrator (FPC) major alarm might be seen if the system detects parity error, and the error messages "DLU: ilp memory cache error" and "DLU: ilp prot1 detected_imem_even error" might appear. The alarm might be cleared without intervention. This error may also be accompanied by traffic loss.
PR Number Synopsis Category: Path computation client daemon
1472825 Manually configured ERO on NS controller lost when PCEP session bounced
Product-Group=junos
On all Junos platform with Path Computation Element Protocol (PCEP) enabled, if PCEP session bounced druing Routing Engine (RE) switchover on a LSP ingress router, unexpacted delete message might be sent from Path Computation Client (PCC) to Path Computation Element (PCE) with North Star (NS) controller. In the end, manually configured explicit route object (ERO) for RSVP-TE based label switched path (LSP) on NS controller will be lost. However, traffic go through ERO set on NS controller is still normal.
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1479789 Multicast routes add or delete events might cause adjacency and LSPs to go down.
Product-Group=junos
In PTX5000 platform with (FPC2-PTX-P1A | FPC-PTX-P1A), or PTX3000 with FPC-SFF-PTX-P1-A, with PIM/MVPN scenario, The adjacency relationships of routing protocols and LSPs might go down if add/delete some multicast routes (which can be achieved by flapping interface or protocol) ). It is because that though the routes are deleted, its counter for statistic will not be removed from Junos resulting in memory block for counter exhaustion. And due to the exhaustion, any protocols that are sharing the same memory scope might fail to allocate its own counter, which eventually causes protocol adjacency and LSPs to go down. [TSB17747]
PR Number Synopsis Category: Periodic Packet Management Daemon
1448670 The connection between ppmd (Routing Engine) and ppman (FPC) might get lost due to session time out.
Product-Group=junos
Under certain circumstances such as JUNOS VM freeze at the Routing Engine, ppmd to ppman connection might be closed if the session timeout is greater than 3 seconds in either direction. This might lead to flapping of distributed ppm protocol adjacency such as lacp/mBFD.
PR Number Synopsis Category: Issues related to Junos SNMP Infrastructure (snmpd, mib2d)
1364001 SNMP process crashes during polling CFM stats
Product-Group=junos
During polling Ethernet Connectivity Fault Management protocols stats SNMP process may crash
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1405917 The FPC crash might be observed in MS-MPC HA environment
Product-Group=junos
On MX Series platform with MS-MPC card used, in race condition, if the MS-MPC is used on HA (High Availability) scenario ( the 'set interfaces ms-x/x/x redundancy-options redundancy-peer/redundancy-local' knob and GRES is configured), the FPC might crash due to the bus error (segmentation fault). The reason is that two CPUs simultaneously access the same session-extension memory in the session structure, one for writing, the other for reading. A reading CPU gets an incorrect value and uses that as the memory address. This causes the bus error (segmentation fault).
1441517 Junos OS: MX Series: MS-MPC/MIC might crash when processing malformed IPv6 packet in NAT64 configuration. (CVE-2020-1680)
Product-Group=junos
On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. Refer to https://kb.juniper.net/JSA11077 for more information.
1489942 Prolonged flow control might occur with MS-MPC or MS-MIC.
Product-Group=junos
On MX platforms with MS-MPC/MS-MIC, datapath is getting blocked due to incorrect handling of fragment packets with payload size 0. When the datapath is blocked for more than 5 seconds, it is identified as Prolonged flow control, and the pic is rebooted. Core dump is generated if dump-on-flow-control is enabled.
PR Number Synopsis Category: platform related PRs on SRX branch platforms
1289649 Junos OS: SRX and NFX Series: Insufficient Web API private key protection (CVE-2020-1688)
Product-Group=junos
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. Refer to https://kb.juniper.net/JSA11085 for more information.
PR Number Synopsis Category: Issues related to mgd, DAX API, DDL/ODL infrastructure, Juno
1423500 Configuration commit might fail when the file system gets into full state.
Product-Group=junos
On all platforms running Junos OS, when the file system gets into the Full state and there is not enough spare disk space, it might get into a problematic system condition while committing the configuration. After that, if the consecutive commits are still done in such a problematic condition, commit-check failure logs might be seen eventually. Due to this issue, some processes might not run even if the configuration is present.
 

16.1R7-S8 - List of Known issues

PR Number Synopsis Category: ESWD
1192520 GARPs are being sent from the switch once in every 10 minutes.
Product-Group=junos
GARPs were being sent whenever there was a MAC (fdb) operation (add or delete). This is now updated to send GARP when the interface is up and l3 interface attached to the VLAN.
PR Number Synopsis Category: All issues related to L3 data-plane/forwarding
1443507 IPv6 connectivity between MC-LAG peers might fail when multiple IRB interfaces are present.
Product-Group=junos
On all Junos platforms which are enabled with MultiChassis Link Aggregation Group (MC-LAG), if there are multiple Integrated Routing and Bridging (IRB) interfaces present, and the Inter Chassis Link (ICL) is also connected over an IRB interface, when both MC-LAG peers have not learnt link-local addresses and IPv6 ping is firstly initiated from the remote peer, the Neighbor Solicitation (NS) packet might take ICL path and couldn't get answered properly.
PR Number Synopsis Category: agentd software daemon
1248813 "telemetry_start_polling_fd: evSelectFD failed, errno: 9" messages are continuously seen in the log
Product-Group=junos
The error messages "Telemetry_start_polling_fd: evSelectFD failed, errno: 9" are continuously seen in logs. These are cosmetic logs and harmless. As a workaround, configure "set system processes SDN-Telemetry disable" and "deactivate groups junos-defaults routing-options enable-sensors" if telemetry is indeed not needed/configured to prevent the issue of error logs.
PR Number Synopsis Category: PRs related to Aloha SW
1454595 The 100-Gigabit Ethernet interfaces might not come up again after going down on MPC3E-NG.
Product-Group=junos
On MPC3E-NG cards with 100G interface in use, if the interface detects Loss of Lock (LOL) on the link without Loss of Signal (LOS), the interface will go down and may not come up again after the link is recovered.
PR Number Synopsis Category: Border Gateway Protocol
600308 JUNOS BGP Established state is not shown in "show bgp summary" if only primary routing instance is present
Product-Group=junos
When only the default routing-instance is present, the command "show bgp summary" does not show the BGP ESTABLISH state. If the BGP state is not an ESTABLISHED state, then it shows the state as design (that is, Active, Idle, Connect). If there is a routing-instance configured (apart from primary routing-instance inet.0), the BGP ESTABLISH state is shown properly. The issue happens for IPv4 BGP sessions only; on IPv6 all the BGP states are seen as default.
1403186 All the BGP session flap after RE switchover
Product-Group=junos
With GRES and NSR enabled, if executing RE switchover, BGP session might flap in some scenario. When Junos version have the fix of PR-1440694, BGP session always flap after doing RE switchover.
1447601 On the MX2000 and PTX10000 lines of devices , Layer 3 VPN PE-CE link protection exhibits unexpected behavior.
Product-Group=junos
In L3VPN PE-CE link protection scenario with MX2K/PTX10K platforms, the external and internal BGP (EIBGP) multipath route might be advertised with an unexpected VPN label if IBGP backup path is present. When the backup IBGP path goes away, it will get the correct VPN label like other routes.
1487486 The rpd might crash with BGP RPKI enabled in a race condition
Product-Group=junos
On all Junos platforms with BGP PRKI (Resource Public Key Infrastructure) scenario, if NSR is enabled and scale routes and ROAs exist, in a very rare case, the ROA (route origin authorization) might be withdrawn before replicating to the backup RE when ROA changes happen, which results in the rpd crash.
1517498 The rpd might crash after deleting and re-adding a BGP neighbor.
Product-Group=junos
In BGP scenario on all Junos platforms, after deleting and re-adding a BGP neighbor, the rpd might crash due to a rare timing issue.
1523075 The BGP session with VRRP virtual address might not come up after a flap.
Product-Group=junos
When VRRP virtual address is configured and used to set up a BGP session with the remote side, under rare timing conditions, BGP peer establishment may get rejected repetitively.
PR Number Synopsis Category: Cassis pfe microcode software
1298161 In some MX Series deployments running Junos OS, the following random syslog messages are observed for FPCs: fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left. These messages might not have a service impact. These messages are addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored.
Product-Group=junos
In some MX Series deployments running Junos OS, random syslog messages are observed for FPC cards: "fpcx ppe_img_ucode_redistribute Failed to evict needed instr to GUMEM - xxx left". These messages are not an issue and might not have a service impact. These messages will addressed as INFO level messages. On a Packet Forwarding Engine, there are dedicated UMEM and shared GUMEM memory blocks. This informational message indicates some evicting events between UMEN and GUMEN and can be safely ignored.
1303489 The following error message is observed: DROP protect_regs error (status=0x8).
Product-Group=junos
Due to parity error in queue memory a major alarm and following messages are generated: messages log: fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8) alarmd[3158]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC x Major Errors Major alarm set, FPC x Major Errors fpcx XQCHIP(46):XQ-chip[0]: DROP protect_regs error (status=0x8). - This message with status 0x8 has no service impact. - PR/1481558 has perform software changes and move the severity from Major to Minor. - FPC restart is needed to clear off this alarm, otherwise this error message will be generated every 60 seconds.
1380566 FPC Errors might be seen in subscriber scenario
Product-Group=junos
In subscriber scenario, if the"service-accounting-deferred" is configured on dynamic-profile, and there is multicast to a large number of destinations on the same physical port, the FPC Errors might be seen.
PR Number Synopsis Category: Enhanced Broadband Edge support for cos
1407480 FPC may crash shortly after XQ chip memory read failure
Product-Group=junos
In a rare scenario XQ based FPC may reset shortly after it encounters XQ chip memory read failure.
PR Number Synopsis Category: QFX Access Control related
1515972 "dot1x" memory leak
Product-Group=junos
Memory leak is seen in 'dot1xd' daemon when no 'dot1x' is configured. Memory leak is seen for the allocation while creating socket from 'dot1xd' daemon to 'authd' daemon. If 'authd' is not running , 'dot1xd' daemon tries to connect to 'authd' periodically and every time it was allocating memory for string "/var/run/authd_control" for socket creation. The memory does not free in this scenario and we see memory leak for string "/var/run/authd_control". There will be no service impact to other services/daemons other than dot1x.
PR Number Synopsis Category: OpenSSH and related subsystems
1508253 Junos OS: SRX Series: Integrated User Firewall OpenLDAP vulnerability resolved (CVE-2019-13565)
Product-Group=junos
A vulnerability that allows an unauthenticated remote attacker to obtain access that would otherwise be denied in the Simple Authentication and Security Layer (SASL) implementation that is part of the OpenLDAP third party software package has been resolved in Juniper Networks SRX Series configured with Integrated User Firewall. Refer to https://kb.juniper.net/JSA11088 for more information.
PR Number Synopsis Category: Device Configuration Daemon
1519334 Buffer overflow vulnerability in a device control daemon is observed.
Product-Group=junos
A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Please refer to https://kb.juniper.net/JSA11061 for more information.
PR Number Synopsis Category: This is for all defects raised against dns-proxy feature
1168322 Junos OS: SRX Branch Series and vSRX Series: Multiple vulnerabilities in ISC BIND named. (CVE-2016-1285, CVE-2016-1286)
Product-Group=junos
ISC BIND software included with Junos OS on SRX Branch Series and vSRX devices has been upgraded to resolve multiple vulnerabilities. These issues are only applicable to SRX Branch Series and vSRX Series with DNS Proxy server enabled. Refer to https://kb.juniper.net/JSA10994 for more information.
PR Number Synopsis Category: JUNOS Dynamic Profile Configuration Infrastructure
1258744 The device control process (dcd) crashes during the ATM-related configuration commit.
Product-Group=junos
In a subscriber service environment, the device control process (dcd) might restart unexpectedly during commit process after changes to ATM interface configuration.
PR Number Synopsis Category: Inline Jflow PRs for defect & enhancement requests
1362887 The inline J-Flow sampling configuration might cause FPC crash on MX Series platforms.
Product-Group=junos
On MX-series platforms, if the inline-jflow "nexthop-learning" knob is configured, when the sampling removes one next-hop, the FPC might crash. It is not easily reproducible and it is a rare issue.
PR Number Synopsis Category: PRs for AE/AS/Container on the kernel side
1346949 After an FPC becomes online or child interface added to ae bundle in config, traffic loss might be experienced for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue.
Product-Group=junos
On the Trio-based platform with "enhanced-ip" enabled which is enabled by default on MX80, MX104, MX 2010, MX2020, and MX10003, if the aggregate interface is initialized before the child interface is marked as part of the aggregate after FPC becomes online or child interface added to ae bundle in config, the traffic goes out from the ae interface might lose for around 30 seconds till LACP reaches operational state. If child link stays detached in LACP, traffic loss will continue.
1425211 Interface with FEC disabled might flap after Routing Engine mastership switchover.
Product-Group=junos
By default, RS-FEC (Reed-Solomon Forward Error Correction) is enabled for 100G SR4/PSM4 optics and disabled for 100G LR4 optics. The "set interfaces xx gigether-options fec" knob was introduced in Junos OS Release 16.1R1, it can be used to override the default behavior and explicitly enable/disable FEC for a 100G interface. In GRES scenario, when a 100G interface with SR4/PSM4 optics (e.g. QSFP-100GBASE-SR4/QSFP-100G-PSM4) is a member of an AE interface, and FEC is disabled on AE (knob "gigether-options fec none" is configured), the interface might flap during RE mastership switchover. After that, the interface will come up itself and this issue will recover automatically.
PR Number Synopsis Category: jpppd daemon
1350563 Spontaneous jpppd generates core files on the backup Routing Engine in a longevity test at ../../../../../../src/junos/usr.sbin/jpppd/pppMain.cc:400.
Product-Group=junos
In L2TP scenario when MX router functions as LTS (L2TP Tunnel Switch), there is a memory leak in jpppd process running on the backup RE, which will eventually lead to jpppd core dump due to out of memory condition. There is no functional impact as it happens on the backup RE.
PR Number Synopsis Category: IPSEC/IKE VPN
977435 Junos OS: SRX Series: An attacker sending spoofed packets to IPSec peers may cause a Denial of Service. (CVE-2020-1657)
Product-Group=junos
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel; Refer to https://kb.juniper.net/JSA11050 for more information.
PR Number Synopsis Category: slt security platform jweb support
1518212 Junos OS: Privilege escalation in J-Web due to arbitrary command and code execution via information disclosure from another users active session (CVE-2021-0210)
Product-Group=junos
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. Please refer to https://kb.juniper.net/JSA11100 for more information.
PR Number Synopsis Category: Layer 2 Circuit issues
1512834 The rpd might crash when deleting l2circuit configuration in a specific sequence.
Product-Group=junos
If l2circuit local-switching is enabled with connection-protection, the rpd could crash in the following configuration change sequence. 1. First, delete the logical interface (IFL) used by a l2circuit and commit the change. 2. Then, delete the corresponding l2circuit configuration. The rpd could crash after committing the change.
PR Number Synopsis Category: Application specific PRs (cos/snmp/time-sync/routing/BRAS)
1255542 General Routing Load balancing is uneven across aggregated Ethernet member links when the aggregated Ethernet bundle is part of an ECMP path. The aggregated Ethernet member links must span the Virtual Chassis members.
Product-Group=junos
Load balancing is uneven across Aggregated Ethernet (AE) member links when the AE bundle is part of an equal cost multipath (ECMP). The AE member links need to span Virtual Chassis members.
PR Number Synopsis Category: Multiprotocol Label Switching
1467278 The rpd might crash in PCEP for the RSVP-TE scenario.
Product-Group=junos
In PCEP (Path Computation Element Protocol) with RSVP Traffic Engineered LSP (TE LSP) scenario, the two LSPs with the same TE LSP name might be shared between Path Computation Element (PCE) and Path Computation Client (PCC) in some rare cases. Then, if the configuration of LSP is delegated from CLI and externally controlled by PCC at the same time, the rpd might be crashed.
PR Number Synopsis Category: Multi Protocol Label Switch Operations, Admin & Maintenance
1328058 JSA10877 2018-10 Security Bulletin: Junos OS: RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043)
Product-Group=junos
The RPD daemon crashes upon receipt of specific MPLS packet (CVE-2018-0043); Refer to https://kb.juniper.net/JSA10877 for more information.
1399484 The rpd process might crash when executing "traceroute mpls bgp"
Product-Group=junos
When traceroute is performed to a remote host for an MPLS LSP using the command "traceroute mpls bgp", in very rare cases, it is possible that mplsoam process is holding the stale BGP instance handle in the query to the rpd process to get the information for the Forwarding Equivalence Class (FEC). Hence rpd crash might occur because of the invalid instance and cause traffic impact until rpd comes back up.
PR Number Synopsis Category: MX104 Software - Kernel
1223979 On the MX104 router, CPU hog or busy state occurs with the sporadic L2C access error message and false alarms.
Product-Group=junos
In MX104, when RE CPU usage is going high, sporadic I2C error message would be shown up. Since the situation would be temporary, the I2C access may success in next polling and there would be no impact.
PR Number Synopsis Category: Track Mt Rainier RE platform software issues
1220061 The routers equipped with NG-REs might raise memory size mismatch alarm after upgrade
Product-Group=junos
MX or PTX series routers equipped with NG-REs might raise memory mismatch alarm which is cosmetic.
1408480 The alarm 'Mismatch in total memory detected' is observed after issuing "request reboot vmhost routing-engine both".
Product-Group=junos
Alarm 'Mismatch in total memory detected' is observed after reboot vmhost both.
1498966 Downgrade fails on RE-S-X6-64G-LT-S SKU to junos below 17.2R1
Product-Group=junos
Downgrade to junos version 17.2 below with RE-S-X6-64G-LT-S will fail with below errors > request vmhost software add junos-vmhost-install-mx-x86-64-16.1R7-S6.1-limited.tgz warning: Packages /var/home/remote-su/junos-vmhost-install-mx-x86-64-16.1R7-S6... is not limited edition and can not be loaded on this RE, please try the supported version
PR Number Synopsis Category: Category for ifstate infrastructure issues
1379657 Protocol adjacency might flap and FPC might reboot if jlock hog happens
Product-Group=junos
On all platforms and in scaling scenario, if doing some operations which causes jlock hog, the protocols adjacency might flap and all the FPCs might reboot.
PR Number Synopsis Category: PRs requiring triage and/or fix in the PFE Peer Infra
1209308 Protocol may flap
Product-Group=junos
In some rare scenarios, TCP keepalive may timeout on the local sockets between the primary Routing Engine and the FPCs. The problem caused by a delay in packet processing on em0 interface, or delay in processing keepalive packets during network instability events. The results are protocol flap events.
PR Number Synopsis Category: This PR category is for tracking only TCP/UDPtransport layer
1370803 Junos TCP application might be affected if zero window condition persists
Product-Group=junos
In some scenarios, Zero Window Attack flag not being correctly handled in JUNOS, causing BGP sessions to flap. The BGP TCP session should never be RST in scenarios where Zero Window Condition persists.
1394370 The command "commit synchronize" might fail because several internal connections are stuck
Product-Group=junos
Command "commit synchronize" might fail due to kernel TCP socket stuck, the stuck can also result in login failure to the Backup RE from Primary RE or to an FPC.
PR Number Synopsis Category: Path computation client daemon
1442598 A few Path Computation Element Protocol (PCEP) logs are marked as error even though they are not an error. The severity of those logs is now marked as INFO.
Product-Group=junos
1. Connection with rpd established! 2. Switched to primary mode 3. received SIGHUP, handle configuration 4. Switched to backup 5. PCCD mastership is: %d 6. Delegation retry timedout: LSP id: %d with PCE: %s 7. Connection with pce %s (%s:%u) successful 8. Connection to pce %s (%s:%u) failed 9. PCCD received message '%s' from libpcep 10. PCClose received from PCE. Switching to new main PCE 11. No protocol trace configuration found 12. Could not get pce-group id from pce
PR Number Synopsis Category: PTX5KBroadway based PFE IPv4, IPv6 software
1254415 On the PTX Platform with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP.
Product-Group=junos
On the PTX Platform with FPC-PTX-P1-A or FPC2-PTX-P1A, you might encounter a single event upset (SEU) event that might cause a linked-list corruption of the TQCHIP. The following syslog message gets reported: Jan 9 08:16:47.295 router fpc0 TQCHIP1: Fatal error pqt_min_free_cnt is zero Jan 9 08:16:47.295 router fpc0 CMSNG: Fatal ASIC error, chip TQ Jan 9 08:16:47.295 router fpc0 TQ Chip::FATAL ERROR!! from PQT free count is zero jan 9 08:16:47.380 router alarmd[2427]: Alarm set: FPC color=RED, class=CHASSIS, reason=FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 Jan 9 08:16:47.380 router craftd[2051]: Fatal alarm set, FPC 0 Fatal Errors - TQ Chip Error code: 0x50002 The Junos OS Chassis Management error handling detects such a condition, raises an alarm, and disables the affected Packet Forwarding Engine entity. To recover this Packet Forwarding Engine entity, restart the FPC. Contact your Juniper support representative if the issue persists even after the FPC restarts.
PR Number Synopsis Category: Periodic Packet Management Daemon
1003991 FPC packet buffer memory leak due to continuous delegated BFD session flapping
Product-Group=junos
 
PR Number Synopsis Category: Routing Information Protocol
1508814 The rpd crash might occur due to RIP updates being sent on an interface in the down state.
Product-Group=junos
When RIP with p2mp (point-to-multiple) is configured on an interface in down state, in a very corner case, routing daemon might crash while sending RIP updates to an interface which is already down.
PR Number Synopsis Category: RPD Next-hop issues including indirect, CNH, and MCNH
1276044 Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured
Product-Group=junos
Routing Protocol Daemon(RPD) might crash with core-dump if forwarding-table export policy with 'install-nexthop' is configured and that LSP is not available
1370174 The rpd might crash after Routing Engine switchover is performed or the rpd is restarted if interface-based dynamic GRE tunnel is configured.
Product-Group=junos
With interface-based Dynamic GRE Tunnel configured, there might be 2 next-hops for a single dynamic GRE tunnel when a new route is resolved over the dynamic tunnel after RE switchover is performed or the rpd is restarted. Subsequent withdrawal of the routes over that tunnel or primary Routing Engine restarting will cause the rpd crash. This issue is introduced in PR 1202926 (which is fixed in 15.1F7 16.1R4 16.2R1-S6 16.2R1-S6-J1 16.2R2 17.1R2-S7 17.1R2-S8 17.1R3 17.2R1).
1534455 Some routes might get incorrectly programmed in the forwarding table in the kernel which is no longer present in rpd.
Product-Group=junos
In a scaled routes scenario, if there is any route change operation when the system is under memory pressure, the rpd might change a route entry but the same is not conveyed to the kernel. This causes a mismatch between routes in rpd and kernel leading to traffic blackhole for the mismatched route entries that are incorrectly programmed in the kernel.
PR Number Synopsis Category: RPD route tables, resolver, routing instances, static routes
1457955 An aggregate route with BGP contributing routes may flap in some scenarios as expected
Product-Group=junos
Aggregate route with BGP contributing routes may flap in some scenarios as expected. The reasons is, by default, aggregate route carries some BGP attributes like AS-PATH, originator, cluster. Aggregate route inherits those attributes from active contributing routes. If one or few contributing routes adding/deleting/changing happens, while other contributing routes are still stable, aggregate route may refresh since its attributes got changed. If this aggregate route is exported into BGP, a BGP update will be sent to downstream router with updated attributes, causing a service impact. Reference page: https://www.juniper.net/documentation/en_US/junos/topics/concept/policy-aggregate-routes.html
PR Number Synopsis Category: show route table commands, tracing, and syslog facilities an
1198032 'show configuration routing-options flow' should disply then action statements followed by the match conditions
Product-Group=junos
The sequence of statements in the output of show configuration routing-options flow operational command has changed to improve readability. The then statements are now displayed after the match conditions in a logical sequence.
PR Number Synopsis Category: Resource Reservation Protocol
1493718 JSA11098 Junos OS and Junos OS Evolved: In bidirectional LSP configurations, on MPLS egress router RPD may core upon receipt of specific malformed RSVP packet. (CVE-2021-0208)
Product-Group=junos
An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in use, which when received by an egress router crashes the RPD causing a Denial of Service (DoS) condition. Please refer to https://kb.juniper.net/JSA11098 for further information.
PR Number Synopsis Category: Non sparks issues in jflow/monitoring services
1284918 The sampled route reflector process (srrd) might crash in the large routes churn situation.
Product-Group=junos
When the FPCs are busy in high churn scenarios, because the srrd thread in the Packet Forwarding Engine has low priority, CPR resources are insufficient to process the messages sent by srrd process. Due to this, the queue for these busy FPCs are piling in srrd and eventually leading to crash. Refer to the description for the details.
PR Number Synopsis Category: Generic platform and infra issues for MS-MIC and MS-MPC(XLP)
1415119 Only 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis
Product-Group=junos
On MX2020 platform, at most 40 MS-PICs (10 MS-MPC cards) can be in the ACTIVE state even if more than 10 MS-MPC cards are inserted in the MX2020 chassis.
1453811 Delay in freeing processed defragment buffers lead to prolonged flow control and might crash.
Product-Group=junos
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Refer to https://kb.juniper.net/JSA11037 for more information.
PR Number Synopsis Category: PRs for SFW, CGNAT on MS-MIC/MS-MPC (XLP)
1335956 In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped.
Product-Group=junos
In an MS-MPC or MS-MIC in ALG scenario, the MAC_STUCK message might be observed and traffic might be dropped.
PR Number Synopsis Category: Stout cards (MPC7, MPC8, MPC9, SFB2, MRATE & 8x100 MICs)
1354070 The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD
Product-Group=junos
The log of "SMART ATA Error Log Structure error: invalid SMART checksum." might be seen on FPC with WINTEC mSata SSD
PR Number Synopsis Category: Interface Issues seen on Stout cards (MPC7, MPC8, MPC9)
1441816 Egress stream flush failure and traffic black hole might occur.
Product-Group=junos
Egress stream flush failure and silent dropping of traffic could occur in a rare occasion for a repeatedly flapping link on MPC7E, MPC8E, MPC9E cards, MX204 and MX10003.
PR Number Synopsis Category: Trinity LU, IX, QX, MQ chip drivers, ucode & related SW
1059137 An enhancement for reporting CM-ERRORs when memory parity errors occur within MPC pre-classifier engines
Product-Group=junos
On MX Series routers, parity memory errors might occur in pre-classifier engines within an MPC. Packets are silently discarded because such errors are not reported and hence harder to diagnose. CM errors such as syslog messages and alarms should be raised when parity memory errors occur.
PR Number Synopsis Category: Issues related to broadband edge apps (PPP, DHCP) on Trio ch
1308000 Enhanced Subscriber Management: Targetting for subscribers terminated in non-default routing-intance is supported from 17.3R2
Product-Group=junos
Enhanced Subscriber Management: For subscribers terminated in routing-instance, targeting will be supported from 17.3R2 onwards. With current code subscribers may come up but traffic towards subscriber may be dropped at MX as it is not support in current release.
1401808 FPC core files due to a corner case scenario (race condition between RPF, IP flow).
Product-Group=junos
In a subscriber management deployment where the Reverse-Path-Forwarding (RPF) check and MAC check is enabled, a race condition might cause software failure and resulted in a Flexible PIC Concentrator (FPC) to restart.
PR Number Synopsis Category: trinity pfe qos software
1382288 One single port with Dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers seen now.
Product-Group=junos
One single port with dual stack subscribers pppoe/dhcpv6 drop all the connections and no subscribers are seen.
1418602 FPC log messages: "Q index(xxxxx) is not allocated"
Product-Group=junos
The cause of the messages is a race condition. For each IFL, IFLSET or IFD object, HALP statistics module reads stats values from hardware for the individual queues. HALP stats module is implemented as a separate stats thread and while stats thread is waiting, PFEMAN thread may assign different queues to the IFL/IFLSET/IFD object. After stats thread gets CPU back, before reading HW for the next queue, stats thread needs to validate that queue is still applicable, which fails if we see the message. The messages are harmless and can be ignored.
PR Number Synopsis Category: Interface based services (map-e, 6rd, ip-reassembly) on TRIO
1465490 On MPC7, MPC8, and MPC9, WO packet error and FPC major alarm are observed when reassembling the small fragments.
Product-Group=junos
When a device is running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, and GRE, the Packet Forwarding Engine is disabled upon receipt of small fragments requiring reassembly. Refer to https://kb.juniper.net/JSA11036 for more information.
PR Number Synopsis Category: trinity pfe l3 forwarding issues
1474154 Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation (CVE-2020-1655)
Product-Group=junos
When a device is running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by MAP-E, the Packet Forwarding Engine is disabled upon receipt of large packets requiring fragmentation. Refer to https://kb.juniper.net/JSA11041 for more information.
PR Number Synopsis Category: DDos Support on MX PR category
1377899 Junos OS: MX series/EX9200 Series: IPv6 DDoS protection does not work as expected. (CVE-2020-1665)
Product-Group=junos
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. Refer to https://kb.juniper.net/JSA11062 for more information.
PR Number Synopsis Category: Authentication, Authorization, Accounting, PAM (RADIUS/tacpl
1233649 additional fix for timing issue that can cause auditd core
Product-Group=junos
additional fix for timing issue that can cause auditd core, covered several corner cases to prevent core related to PR1191527
PR Number Synopsis Category: Issues related to configuration management, ffp, load action
1267433 The commitd process might generate a core file when removal of certain configuration is followed by a commit operation.
Product-Group=junos
Core file is generated by commitd when deletion for a certain configuration is committed. Configuration is properly changed after commit even though core file remains.
PR Number Synopsis Category: Virtual Private LAN Services
1295664 Layer 2 Features LSI interface might not be created, causing remote MACs not to be learned and display of the following error log: RPD_KRT_Q_RETRIES: ifl iff add: Device busy".
Product-Group=junos
With VPLS being configured, after upgrade to 15.1/16.1/17.x releases, in some circumstances VPLS LSI interface are not correctly created, causing remote MACs not being learnt and L2 VPLS outage. The issue is not reproduced and the code change is not a fix but add a instrumentation using a hidden command 'show vpls ipc-history', which should be captured right away when the issue is seen on latest releases. show vpls ipc-history <<<<< show vpls connections show krt queue show route forwarding-table extensive /var/log/messages
PR Number Synopsis Category: Virtual Router Redundancy Protocol
1305327 VRRP could not support IFLs using the same group ID in VRRP delegated-process mode
Product-Group=junos
If one IFL changes VR (virtual-router) state from Master to Backup, traffic might black-holed for other IFLs which shares the same group ID on an IFD.
 

 

Modification History:
Updated 2021-03-29 since the previous publication has inaccurate information on the list of "Known Issue"
First publication 2020-07-13
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search