Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Resolved Issues


The following issues are resolved in Juniper Networks CSO Release 4.1.0:

  • In an HA setup, users are not able to log into CSO for about five minutes after one of the central servers hosting the HAproxy VRRP master has been brought down.

    Bug Tracking Number: CXU-28255

  • If an infrastructure node goes down in a HA setup in which all nodes were previously up, and you create a firewall policy and try to deploy the policy, the deployment job is stuck in the in-progress state and a Redis timeout error is displayed in the job log.

    Bug Tracking Number: CXU-24559

  • When a certificate renewal is triggered from the VPN Authentication page under the Certificate tab, the certificate table becomes empty after renewing the certificate.

    Bug Tracking Number: CXU-25561

  • In some cases, when power fails, the ArangoDB cluster does not form.

    Bug Tracking Number: CXU-20346

  • In a HA setup, if you shut down all the CSO servers, after the servers are restarted successfully, MariaDB and ArangoDB fail to form their respective clusters.

    Bug Tracking Number: CXU-21819

  • In a HA setup, if you onboard devices and deploy policies on the devices and if one of the policy deployments is in progress when a microservices or infrastructure node goes down, the deployment job is stuck in the In Progress state for about 90 minutes (the default timeout value), and you cannot perform deploy operations for the tenant for about 90 minutes.

    Bug Tracking Number: CXU-21922

  • You cannot access the Administration Portal login page if the flannel network subnet is changed.

    Bug Tracking Number: CXU-23736

  • Link affinity does not work when there are multiple links with the same cost. There may be frequent switch between equal cost links and that might cause network flapping.

    Bug Tracking Number: CXU-27969

  • When all local breakout links are down, site to Internet traffic fails even though there is an active overlay to the hub.

    Bug Tracking Number: CXU-19807

  • In a hub-and-spoke topology with multitenancy enabled, when a spoke site is configured with two MPLS and two Internet links with MPLS selected as the default, traffic from the hub to the spoke site takes the same path instead of taking the path (link) on which the traffic was received by the hub (incoming WAN link). However, there is no traffic loss.

    Bug Tracking Number: CXU-23197

  • When a certificate renewal is triggered from the VPN Authentication page under the Certificate tab, the certificate table becomes empty after renewing the certificate.

    Workaround: Refresh the Certificate page to display the required certificate details.

    Bug Tracking Number: CXU-25561

  • On the Identity Management page, if you click Download JIMS, the Juniper Identity Management Service (JIMS) software is downloaded in HTML format.

    Bug Tracking Number: CXU-24278

  • ZTP for NFX150 may fail before creating the vlink. Though ZTP goes through successfully on retry, service chain activation may fail.

    Bug Tracking Number: CXU-27967

  • On the Configure Site page, the values that you specify for the time zone and the IP address of the NTP server are not being pushed to the device.

    Bug Tracking Number: CXU-23971

  • The Configure Site operation for a cloud spoke site fails.

    Bug Tracking Number: CXU-24795

  • In an HA setup, the Synchronize_Device_Inventory job that was triggered as part of load_service remains incomplete in an unknown state. However, this does not impact any of the workflows.

    Bug Tracking Number: CXU-28004

  • When users rebuild a small deployment with the UI installer and using custom-generated certificates, the underlay tunnels for the NFX250 device remain down if there is a mismatch between the default host name and the custom-generated host name.

    Bug Tracking Number: CXU-27976

  • If you upload images with the same filename for two different device families, the file gets overwritten.

    Bug Tracking Number: CXU-27713

  • For spokes connected to MX hub, OAM tunnels are displayed in the data overlay section of the Monitor > Overview page and the Sites > WAN pages of the administration portal. This does not have any functional impact.

    Bug Tracking Number: CXU-27449

  • In high-availability setups where the login page and logo have been updated, the old login image gets displayed occasionally when the page is refreshed.

    Bug Tracking Number: CXU-27037

  • In an SD-WAN, traffic from LAN to WAN stops after a single-legged Ubuntu VNF has been brought up. This problem occurs because of port cross connect between the left interface of VNF and GWR interface (on NFX250) or Flowd tap interface (for NFX150).

    Bug Tracking Number: CXU-26282

  • GRE tunnel fails to come up online when a new site is added. This problem occurs because the new site uses the PPPoE IP that was originally-assigned to the tunnel even though the tunnel IP has since changed because of renegotiation by PPPoE.

    Bug Tracking Number: CXU-26606

  • GWR may fail to come up after an NFX device image has been upgraded.

    Bug Tracking Number: CXU-24823

  • If one or more VRRs are down, jobs might take a long time to complete, or, in some cases, fail.

    Bug Tracking Number: CXU-23710

  • The image upgrade of the vSRX gateway router on NFX Series devices by using the CSO GUI is not supported.

    Bug Tracking Number: CXU-23804

  • On an NFX Series device with a Ubuntu VNF instantiated, if you use SSH to do log in to the VNF by using the loopback IP address (configured for secure OAM) with port 49154, the connection does not work.

    Bug Tracking Number: CXU-23953

  • For a device that is provisioned for an OpCo tenant, the software image upgrade fails if you try to upgrade the software image from the Device Images page.

    Bug Tracking Number: CXU-25663