Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Issues

 

This section lists known issues in Juniper Networks CSO Release 5.0.0.

SD-WAN

  • When you add or remove any intent on the SD-WAN Policy page, a +0 is added after every element even though you selected only one element.

    Workaround: This does not have any functional impact. The +0s disappear when you refresh the page.

    Bug Tracking Number: CXU-32068

  • When frequent link switches happen, the application throughput data displayed on Monitor> Application SLA Performance page and Resources > Site management > Site details > WAN page might vary.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-33050

Site and Tenant Workflow

  • An error occurs when you modify an SD-WAN rule that has a site group as source.

    Workaround: Instead of modifying an existing rule, add a new rule with the required changes and the site group as the source.

    Bug Tracking Number: CXU-36715

  • When you create an SD-WAN site with an EX switch for the branch network by using a site template, CSO fails to deploy configuration to the primary enterprise hub if there are more than one enterprise hub sites.

    Workaround: When there are more than one enterprise hub sites, do not use site templates to create sites.

    Bug Tracking Number: CXU-36513

  • When you create an SD-WAN site with an EX switch for the branch network by using a site template that has LAN segments for both CPE and switch, CSO returns a select at least one switch port for the CPE LAN Segment error.

    Workaround: In the site template, add LAN segment only for the switch. For the CPE, add a LAN segment after the ZTP is completed.

    Bug Tracking Number: CXU-36474

  • During ZTP, bootstrap job times out if the device takes a long time to connect to CSO.

    Workaround: Delete and re-add the site and then, retry ZTP.

    Bug Tracking Number: CXU-34298

  • An SRX device remains in the DEVICE_DETECTED state for 3-4 minutes during ZTP.

    Workaround: There is no functional impact. The ZTP is continued after the delay of about four minutes.

    Bug Tracking Number: CXU-31813

General

  • Bootstrap job for sites that use SRX devices remains in in-progress state. This problem occurs if only MPLS links are enabled with use for OAM.

    Workaround: Copy-paste the stage-1 configuration to the device CLI instead of doing ZTP.

    Bug Tracking Number: CXU-36661

  • If you deploy multiple firewall policies that have multiple devices, View Configuration shows only devices from one of the policies even though the policies have been successfully deployed to all devices.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-36594

  • The display name field of the monitor object deleted alarm shows the UUID of deleted sites instead of the name of the site.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-36367

  • The bootstrap job for a device remains in the In Progress state for a considerable time. This is because, CSO fails to receive the bootstrap completion notification from the device.

    Workaround: If the bootstrap job is in the In Progress state for more than 10 minutes, add the following configuration to the device:

    set system phone-home server https://redirect.juniper.net

    Bug Tracking Number: CXU-35450

  • When you delete a site and recover the recovery.conf file on SRX3XX devices, the Phone-Home Client (PHC) does not automatically restart.

    Workaround: After you commit the recovery.conf file, you must manually restart the Phone-Home Client by running the restart phone-home-client command, and then perform the ZTP.

    Bug Tracking Number: CXU-35385

  • The job log for an EX device reboot does not show details of the reboot job.

    Workaround: View the progress of the reboot job from the Monitor > Jobs page.

    Bug Tracking Number: CXU-35366

  • The status of GRE_IPSEC tunnel between an on-premise spoke site with SRX340 as a CPE device and an enterprise hub is down.

    Workaround: Reboot the device.

    Bug Tracking Number: CXU-35348

  • In next-generation firewall sites with LAN, the recall of EX2300 and EX3400 devices with the zeroize option does not work. This issue occurs because EX2300 and EX3400 do not support zeroize.

    Workaround: Manually clean up the EX2300 and EX3400 devices.

    Bug Tracking Number: CXU-35208

  • For Hybrid sites that use NFX150 or NFX250 CPE, you cannot use default configuration templates to configure physical interface, zones, or routing instances.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-35021

  • ZTP of SRX devices fails because the default CA certificate is not installed on the device.

    Workaround: Install the certificates on the device by using the CLI, reboot the device, and then, retry ZTP.

    Bug Tracking Number: CXU-34578

  • At times, recall with recovery configuration fails to revert EX2300 and EX3400 devices to the recovery configuration because some devices do not have the /var/db/scripts/events directory.

    Workaround: Keep a copy of the recovery configuration and use the load override recovery filename command to revert the required configuration on EX2300 or EX3400.

    Bug Tracking Number: CXU-34430

  • If you create an audit log purge with a recurring schedule and select the Run Now option, the recurrence fails to get scheduled.

    Workaround: When you schedule an audit log purge with a recurring schedule, use the Schedule at a later time option instead of the Run Now option.

    Bug Tracking Number: CXU-32608

  • You cannot filter the device ports for SRX devices while adding an on-premise spoke sites or adding a switch.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-32826

  • UTM web filtering fails at times even though the Enhanced Web Filtering (EWF) server is up and online.

    Workaround: From the device, configure the EWF Server with the 116.50.57.140 IP address as shown in the following example:

    root@SRX-1# set security utm feature-profile web-filtering juniper-enhanced server host 116.50.57.140

    Bug Tracking Number: CXU-32731

  • After you do an RMA of a spoke, the LAN segment fails to connect to the enterprise hub.

    Workaround: Reboot the spoke device.

    Bug Tracking Number: CXU-35379