Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Issues


This section lists known issues in Juniper Networks CSO Release 5.0.2.


  • When you add or remove any intent on the SD-WAN Policy page, a +0 is added after every element even though you selected only one element.

    Workaround: This issue does not have any functional impact. The +0s disappear when you refresh the page.

    Bug Tracking Number: CXU-32068

  • When frequent link switches happen, the application throughput data displayed on Monitor> Application SLA Performance page and Resources > Site management > Site details > WAN page might vary.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-33050

  • The Sites Meeting SLA Without Switching section in an SD-WAN performance report lists the sites that are in the Provision-Failed state.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-38894

Site and Tenant Workflow

  • During ZTP, the bootstrap job times out if the device takes a long time to connect to CSO.

    Workaround: Delete the site and add it again, and then try ZTP.

    Bug Tracking Number: CXU-34298

  • On a site with an NFX250 device and EX Series switch, the EX Series switch will not be detected if there are no LAN segments.

    Workaround: Onboard the site with at least one LAN segment.

    Bug Tracking Number: CXU-38960


  • App Visibility functionality for NFX250 and NFX150 Hybrid WAN Managed Internet CPE may not work as expected because application tracking is not enabled by default.

    Workaround: Enable application-tracking through device configuration from the CSO UI. Go to Devices, select an NFX250 or NF150 site, and then select Configuration > Zones > Edit Untrust Zone, and select the Application-Tracking check box and deploy the configuration.

    Bug Tracking Number: CXU-37713

  • When a WAN link that is configured with DHCP is used as a DVPN tunnel endpoint, a change in the DHCP IP address of the WAN link causes the DVPN tunnel to be down.

    Workaround: Delete the DVPN tunnel from the Resources > Resource Name > WAN tab and create a new tunnel.

    Bug Tracking Number: CXU-36761

  • The bootstrap job for sites that use SRX Series devices remains in the in-progress state. This problem occurs if only MPLS links are enabled with use for OAM.

    Workaround: Copy and paste the stage-1 configuration to the device CLI instead of performing ZTP.

    Bug Tracking Number: CXU-36661

  • The display name field of the monitor object deleted alarm shows the UUID of deleted sites instead of the name of the site.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-36367

  • The bootstrap job for a device remains in the In Progress state for a considerable time. This is because, CSO fails to receive the bootstrap completion notification from the device.

    Workaround: If the bootstrap job is in the In Progress state for more than 10 minutes, add the following configuration to the device:

    set system phone-home server

    Bug Tracking Number: CXU-35450

  • When you delete a site and recover the recovery.conf file on SRX3XX devices, the Phone-Home Client (PHC) does not automatically restart.

    Workaround: After you commit the recovery.conf file, you must manually restart the PHC by running the restart phone-home-client command, and then perform ZTP.

    Bug Tracking Number: CXU-35385

  • In next-generation firewall sites with LAN, the recall of EX2300 and EX3400 devices with the zeroize option does not work. This issue occurs because EX2300 and EX3400 do not support the zeroize option.

    Workaround: Manually clean up the EX2300 and EX3400 devices.

    Bug Tracking Number: CXU-35208

  • For Hybrid sites that use NFX150 or NFX250 CPE, you cannot use default configuration templates to configure physical interfaces, zones, or routing instances.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-35021

  • At times, recall with the recovery configuration fails to revert EX2300 and EX3400 devices to the recovery configuration because some devices do not have the /var/db/scripts/events directory.

    Workaround: Keep a copy of the recovery configuration and use the load override recovery filename command to revert the devices to the required configuration.

    Bug Tracking Number: CXU-34430

  • If you create an audit log purge with a recurring schedule and select the Run Now option, the recurrence fails to get scheduled.

    Workaround: When you schedule an audit log purge with a recurring schedule, use the Schedule at a later time option instead of the Run Now option.

    Bug Tracking Number: CXU-32608

  • You cannot filter the device ports for SRX Series devices while adding an on-premise spoke site or while adding a switch.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-32826

  • UTM Web filtering fails at times even though the Enhanced Web Filtering (EWF) server is up and online.

    Workaround: From the device, configure the EWF Server with the IP address as shown in the following example:

    root@SRX-1# set security utm feature-profile web-filtering juniper-enhanced server host

    Bug Tracking Number: CXU-32731

  • After you do an RMA of a spoke, the LAN segment fails to connect to the enterprise hub.

    Workaround: Reboot the spoke device.

    Bug Tracking Number: CXU-35379

  • For an EX Series switch, on the Configuration Template page there is no validation for the Maximum Power field. The range for Maximum Power is 0 through 30 watts. The deployment fails if you specify any other values.

    Workaround: Specify a value within the range (0 through 30 watts).

    Bug Tracking Number: CXU-38850

  • While activating an EX Series switch, the Activate Device page displays the status of the stage-1 configuration as failed.

    Workaround: Do not cancel the activation process. After a couple of minutes, the device activation process will proceed towards completion.

    Bug Tracking Number: CXU-38642

  • During the zero touch provisioning process of an EX Series switch, the recovery configuration is overwritten by the stage-1 configuration.

    Workaround: Save a copy of the recovery configuration before performing the ZTP or use prestage to provision an EX series switch.

    Bug Tracking Number: CXU-38594

  • The View link does not appear on the Sites page if you activate an EX Series switch using the activation code.

    Workaround: Enable the Auto activate field to automatically trigger the zero touch provisioning.

    Bug Tracking Number: CXU-38421

  • Zero touch provisioning of an EX Series switch fails if you add an EX Series switch behind an enterprise hub.

    Workaround: For onboarding an EX Series switch behind an enterprise hub, manually configure the stage-1 configuration.

    Bug Tracking Number: CXU-38994

  • On the Shared Objects page, if you edit a custom application or application group settings, the Firewall policies or SDWAN policies are marked as Pending Deployment even though there are no changes to the policies.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-38706

  • When you configure and deploy IPS on the Firewall rule, IDP does not detect the attacks and process the traffic on NFX150 device with Junos OS Release 18.2X85-D12 when a dynamic application is configured.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-38388

  • For an EX Series switch, if you enable or disable a port from the UI, the port status is reflected in Port Chassis View and Port Grid only after an approximate time of 5 minutes.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-37846

  • If you create or delete a DVPN tunnel, you cannot reach the SRX LAN interface.

    Workaround: Reboot the spoke or execute the following commands and then rollback the changes.

    • set groups dept-configuration interfaces ge-0/0/4 vlan-tagging

    • set groups dept-configuration interfaces ge-0/0/5 vlan-tagging

    Bug Tracking Number: CXU-35379

  • Workaround:

    Bug Tracking Number: CXU-38882