Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Issues


This section lists known issues in Juniper Networks CSO Release 5.0.0.


  • When you add or remove any intent on the SD-WAN Policy page, a +0 is added after every element even though you selected only one element.

    Workaround: This does not have any functional impact. The +0s disappear when you refresh the page.

    Bug Tracking Number: CXU-32068

  • When frequent link switches happen, the application throughput data displayed on Monitor> Application SLA Performance page and Resources > Site management > Site details > WAN page might vary.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-33050

  • When you create and deploy an SSL policy with the source endpoint and the destination endpoint as Site only or Department only, the SSL certificate and the configurations are not applied to the device.

    Workaround: If you select the source or destination endpoints as Site or Department, you should combine these endpoints with one of the following: IP address, IP address group, Any. For example, the source endpoint can be a combination of Site and IP address, or Site and Any, or Department and Any, and so on.

    Bug Tracking Number: CXU-35474

  • When you deploy an SD-WAN policy on an NFX device for the first time, the deployment might fail due to connectivity issues.

    Workaround: The deployment will be successful when you redeploy the SD-WAN policy.

    Bug Tracking Number: CXU-35386

Site and Tenant Workflow

  • When you select DSL for WAN link, the default mesh tag is set to MPLS.

    Workaround: Manually set the mesh tag to Internet (instead of MPLS) and proceed with the DSL WAN link configuration.

    Bug Tracking Number: CXU-35461

  • Adding sites using a site template that is a cloned template which was edited to remove the LAN segment part of the template fails.

    Workaround: Instead of cloning a site template and editing out the LAN segment part, create a new site template that does not have the LAN segment configuration.

    Bug Tracking Number: CXU-35374

  • On the Device Activation page, the status is incorrectly shown as activating even though the bootstrap job has failed.

    Workaround: Check the device activation status on the Monitor > Jobs page.

    Bug Tracking Number: CXU-34907

  • ZTP for a next-generation firewall device fails at the install default trusted-ca stage.

    Workaround: Reboot the SRX device (next-generation firewall device) and retry the ZTP job. To retry the ZTP job, go to the Job Management page and select the failed ZTP job and click Retry.

    Bug Tracking Number: CXU-34472

  • During ZTP, boot strap job times out if the device takes a long time to connect to CSO.

    Workaround: Delete and re-add the site and then, retry ZTP.

    Bug Tracking Number: CXU-34298

  • Status of an SRX device that is activated in CSO does not change to Connected.

    Workaround: Reboot the device.

    Bug Tracking Number: CXU-32815

  • An SRX device remains in the DEVICE_DETECTED state for 3-4 minutes during ZTP.

    Workaround: There is no functional impact. The ZTP is continued after the delay of about four minutes.

    Bug Tracking Number: CXU-31813


  • Though you can delete an SRX cluster device from the Sites page of the CSO portal, the device fails to zeroize.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-35481

  • Monitoring page for EX Series switches might not be displaying the latest data as the page does not auto-refresh.

    Workaround: Manually refresh the page to view the latest data.

    Bug Tracking Number: CXU-35362

  • In next-generation firewall sites with LAN, the recall of EX2300 and EX3400 devices with the zeroize option does not work. This issue occurs because EX2300 and EX3400 do not support zeroize.

    Workaround: Manually clean up the EX2300 and EX3400 devices.

    Bug Tracking Number: CXU-35208

  • Image deploy from CSO to an EX2300 device fails.

    Workaround: On the device, run the following operational mode commands before you attempt to deploy the image:

    • request system storage cleanup

    • request system snapshot delete

    Bug Tracking Number: CXU-35016

  • ZTP of SRX devices fails because the default CA certificate is not installed on the device.

    Workaround: Install the certificates on the device by using the CLI, reboot the device, and then, retry ZTP.

    Bug Tracking Number: CXU-34578

  • At times, recall with recovery configuration fails to revert EX2300 and EX3400 devices to the recovery configuration because some devices do not have the /var/db/scripts/events directory.

    Workaround: Keep a copy of the recovery configuration and use the load override recovery filename command to revert the required configuration on EX2300 or EX3400.

    Bug Tracking Number: CXU-34430

  • The job log for an EX device reboot does not show details of the reboot job.

    Workaround: View the progress of the reboot job from the Monitor > Jobs page.

    Bug Tracking Number: CXU-35366

  • Last login details of users are not available in the Administration > Users page.

    Workaround: Use the Login and Context option in the Administration > Audit Logs page to view details of user logins.

    Bug Tracking Number: CXU-35317

  • If you create an audit log purge with a recurring schedule and select the Run Now option, the recurrence fails to get scheduled.

    Workaround: When you schedule an audit log purge with a recurring schedule, use the Schedule at a later time option instead of the Run Now option.

    Bug Tracking Number: CXU-32608

  • ZTP of an EX4300 device fails as the phone-home client fails to commit the stage-1 configuration.

    Workaround: Run the following configuration mode commands on the EX4300 device:

    • delete chassis auto-image-upgrade

    • commit and-quit

    After you run these commands from the configuration mode of the device, go to the operational mode and run the following command to restart the phone-home client:

    • restart phone-home-client

    Bug Tracking Number: CXU-32666

  • The bootstrap job for a device remains in the In Progress state for a considerable time. This is because, CSO fails to receive the bootstrap completion notification from the device.

    Workaround: If the bootstrap job is in the In Progress state for more than 10 minutes, add the following configuration to the device:

    set system phone-home server

    Bug Tracking Number: CXU-35450

  • When you delete a site and recover the recovery.conf file on SRX3XX devices, the Phone-Home Client (PHC) does not automatically restart.

    Workaround: After you commit the recovery.conf file, you must manually restart the Phone-Home Client by running the restart phone-home-client command, and then perform the ZTP.

    Bug Tracking Number: CXU-38385

  • For NFX150 and NFX250 devices, you cannot use physical interface, zones, and routing instances. These configurations are available for SRX devices.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-35021

  • You cannot filter the device ports for SRX devices while adding an on-premise spoke sites or adding a switch.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-32826

  • The status of GRE_IPSEC tunnel between an on-premise spoke site with SRX340 as a CPE device and an enterprise hub is down.

    Workaround: Reboot the device.

    Bug Tracking Number: CXU-35348

  • RMA on the primary node of an NFX250 dual CPE device may not work as expected.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-35433

  • After you do an RMA of a spoke, the LAN segment fails to connect to the enterprise hub.

    Workaround: Reboot the spoke device.

    Bug Tracking Number: CXU-35379

  • Previously-generated reports list is not available for later retrieval.

    Workaround: When you generate a report, download the report as a PDF for later references.

    Bug Tracking Number: CXU-35230