This section lists known issues in Juniper Networks CSO Release 5.1.1.
Performed Cassandra restore from 4.1.1. Token were copied from Cassandra
backup and updated in the /opt/charts/cassandra/values.yaml file as required. Post this when restore is performed using cso_backupnrestore script, Cassandra is not coming
up. The service docker is up and running fine.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42663
When you execute the ./deploy.sh script to install CSO 5.1.1 on a bare-metal server, an error message
appears to indicate that python-dev packages have dependencies that are not met.
Workaround: Connect the bare-metal server to the Internet and execute the following commands on the shell prompt of the server:
$cp /etc/apt/orig-sources.list /etc/apt/sources.list
$apt-get update
$apt-get install python-dev
$./deploy.sh
Bug Tracking Number: CXU-42327
Addition and deletion of mesh tags are not captured in the DVPN audit logs.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-32252
When you add or remove any intent on the SD-WAN Policy page, a +0 is added after every element even though you selected only one element.
Workaround: This issue does not have any functional impact. The +0s disappear when you refresh the page.
Bug Tracking Number: CXU-32068
Traffic from a spoke site that has a dynamic SLA policy enabled and is connected to an MX Series cloud hub device takes asymmetric paths—that is different paths for upstream and downstream.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-32506
On gateway site, when there are no non-data center departments, SD-WAN policy deploy job may return the following message and fail:
No update of SD-WAN policy configuration on device due to missing required information.
Workaround: There is no functional impact; the deploy job completes successfully when a non-data center department with a LAN segment is deployed on Gateway site.
Bug Tracking Number: CXU-31365
SD-WAN deployment policy job may fail if policy intent involves datacenter department or department without any LAN segment. This does not impact SD-WAN policy deployment for other sites.
Workaround: Use more specific SD-WAN intents, with department or department with site, to exclude datacenter departments and departments without LAN segments.
Bug Tracking Number: CXU-31313
In a bandwidth-optimized, hub-and-spoke topology where network segmentation is enabled, a new LAN segment that has an existing department added to it might cause a deploy to fail.
Workaround: Delete the LAN segment and retry the deploy. If there are policy dependencies, remove the dependencies before you delete the LAN segment.
Bug Tracking Number: CXU-25968
OAM configurations remain on an MX device that you have deactivated as cloud hub from CSO.
Workaround: Manually remove the configuration from the device.
Bug Tracking Number: CXU-25412
If the Internet breakout WAN link of the cloud hub is not used for provisioning the overlay tunnel by at least one spoke site in a tenant, then traffic from sites to the Internet is dropped.
Workaround: Ensure that you configure a firewall policy to allow traffic from security zone trust-tenant-name to zone untrust-wan-link, where tenant-name is the name of the tenant and wan-link is the name of the Internet breakout WAN link.
Bug Tracking Number: CXU-21291
If a WAN link on a CPE device goes down, the WAN tab of the Site-Name page (in Administration Portal) displays the corresponding link metrics as N/A.
Workaround: None.
Bug Tracking Number: CXU-23996
If you delete a cloud hub that is created in Release 3.3.1, CSO does not delete the stage-2 configuration.
Workaround: You must manually delete the stage-2 configuration from the device.
Bug Tracking Number: CXU-25764
While provisioning a Dual CPE SRX cluster as an enterprise hub with the multi-access shared bearer (MASB) configuration, the Stage1 configuration is failing to commit because untagged logical interfaces are not supported on the device interface when MASB is configured.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42201
Fortinet service chaining is failing on NFX250.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42188
At times, recall with the recovery configuration fails
to revert EX2300 and EX3400 devices to the recovery configuration
because some devices do not have the /var/db/scripts/events directory.
Workaround: Keep a copy of the recovery configuration and use the load override recovery filename command to revert the devices to the required configuration.
Bug Tracking Number: CXU-34430
For an EX Series switch, on the Configuration Template page the Maximum Power field is not validated. The range for Maximum Power is 0 through 30 watts. The deployment fails if you specify any other values.
Workaround: Specify a value within the range (0 through 30 watts).
Bug Tracking Number: CXU-38850
ZTP of an EX Series switch fails if you add an EX Series switch behind an enterprise hub.
Workaround: For onboarding an EX Series switch behind an enterprise hub, manually configure the stage-1 configuration.
Bug Tracking Number: CXU-38994
For an EX Series switch, if you enable or disable a port from the UI, the port status is reflected in Port Chassis View and Port Grid only after an approximate time of 5 minutes.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-37846
For an EX Series switch, you cannot filter or search for the device ports on the Resources > Devices Device-Name> Ports tab.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-38564
If you reboot an NFX250 device, the EX Series switch behind the NFX250 device might not renew the DHCP request, and the operational status of the switch might be displayed as down.
Workaround: On the EX Series switch, manually run the request dhcp client renew all command.
Bug Tracking Number: CXU-39127
The phone-home process might not be triggered if you zeroize an EX Series switch and disable the management interface on the switch.
Workaround: To trigger the phone-home process, run the delete chassis auto-image-upgrade command and commit the delete operation.
Bug Tracking Number: CXU-39129
If you are using an EX Series switch with Junos OS Release 18.3R1.9, the Current System Users widget always displays the login time as Jan 1, 1970.
Workaround: Upgrade the EX Series switch to Junos OS Release 18.4R2.7.
Bug Tracking Number: CXU-38647
The deployment of a port profile fails if the values you have configured for the firewall filter are not supported on the device running Junos OS.
Workaround:
Edit the firewall filter.
Update the values according to the supported configuration specified for a firewall filter, in this link.
Redeploy the port profile.
Bug Tracking Number: CXU-39629
The Chassis View page for an EX Series switch is not automatically refreshed to display the status of the newly configured ports.
Workaround: Manually refresh the Device-name page. Alternatively, navigate to some other page on the UI and then revisit the Device-name page to view the status of the newly configured ports on the chassis view page.
The Zero Touch Provisioning toggle button is displayed for EX4600 and EX4650 switches although these switches do not support ZTP.
Workaround: Disable the Zero Touch Provisioning toggle button and manually configure the stage-1 configuration on the switches.
Bug Tracking Number: CXU-41608
The Chassis View page for an EX Series Virtual Chassis incorrectly displays member 0 as the master member although the Virtual Chassis was successfully provisioned without member 0, through ZTP.
Workaround: Add an EX Series device as member 0 before provisioning the Virtual Chassis.
Bug Tracking Number: CXU-40322
If you upgrade a CSO Release 5.0.3 site with an EX Series switch to CSO Release 5.1, the port profile configuration or manual configuration of a port profile on an already configured port may not work as expected.
Workaround: Delete and re-create the site with an EX Series switch.
Bug Tracking Number: CXU-41763
CSO is unable to configure access ports on the EX4600 and EX4650 device after zeroizing the device because a default VLAN is configured on all the ports after zeroizing.
Workaround: Load the factory default configuration if you zeorize the EX4600 and EX4650 devices.
To load the factory default configuration, enter the following commands after entering the configuration mode of the device CLI:
user@switch# load factory default
user@switch# delete system commit factory-settings
user@switch# commit
Alternatively, delete the default VLAN from the ports.
To delete the default VLAN from the ports
For a physical EX4600 switch, use the following commands:
user@switch# wildcard range delete interfaces ge-0/0/[0-23] unit 0 family ethernet-switching vlan members default
user@switch# wildcard range delete interfaces xe-0/0/[0-23] unit 0 family ethernet-switching vlan members default
user@switch# wildcard range delete interfaces et-0/0/[24-27] unit 0 family ethernet-switching vlan members default
For an EX4600 Virtual Chassis, execute the commands for the physial EX4600 switch and change the FPC number from 0 to the number of member devices.
To delete the default VLAN from FPC 1, use the following commands:
user@switch# wildcard range delete interfaces ge-1/0/[0-23] unit 0 family ethernet-switching vlan members default
user@switch# wildcard range delete interfaces xe-1/0/[0-23] unit 0 family ethernet-switching vlan members default
user@switch# wildcard range delete interfaces et-1/0/[24-27] unit 0 family ethernet-switching vlan members default
If there are four member devices, execute the commands with the FPC numbers ranging from ge-1/0/[0-23] to ge-3/0/[0-23]. Similarly, execute the commands for the XE and ET ports.
For a physical EX4650 switch, use the following commands:
user@switch# wildcard range delete interfaces xe-0/0/[0-47] unit 0 family ethernet-switching vlan members default
user@switch# wildcard range delete interfaces et-0/0/[48-55] unit 0 family ethernet-switching vlan members default
For an EX4650 Virtual Chassis, execute the commands for the physical EX4650 switch and change the FPC numbers from 0 to the number of member devices.
Bug Tracking Number: CXU-42865
The chassis view of an EX4650 Virtual Chassis with two members appears blank on the CSO GUI when port channelization is configured on the member devices.
Workaround: Do not configure port channelization on the member device if you want to see the Chassis View.
Bug Tracking Number: CXU-42690
When adding a switch to an already provisioned site, the site state is set as Provisioned, because of which a link to manually activate the EX device does not appear. The state of a site should be set to Provisioned only when all the devices in the site are provisioned.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-40647
Chassis view for an EX2300 Virtual Chassis appears blank when the Virtual chassis is pre-provisioned.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42866
In an SD-LAN firewall term list, when you move a filter term in the first position to the last position, the change in the order of the firewall filter terms is not saved in the database.
Workaround: In the term list, move the firewall filter term in the first position to one position before the last position and then move the term in the last position upwards.
Bug Tracking Number: CXU-43182
While preprovisioning a Virtual Chassis, if a member is down or the member is not connected to the Virtual Chassis, the Virtual Chassis Port (VCP) status of the member is not updated in CSO after the member is brought up after provisioning.
Workaround: There is no workaround.
Bug Tracking Number: CXU-42124
In an HA setup, some of the VRRs are incorrectly reported as down even though those VRRs are up and running. This problem occurs because some of the alarms that are created when VRRs are down after a power failure fail to be cleared even after the VRRs come back online.
Workaround: Though this issue does not have any functional impact, we recommend that you restart the VRR to clear the alarms.
Bug Tracking Number: CXU-31448
In an HA setup, deployment of NAT and firewall policies fail if secmgt-sm pods fail to initialize after a snapshot process and remain in 0/1 Running state.
Workaround: Run the following curl command from the microservices VM and make sure scemgt-sm pods comes to 1/1 Running state:
curl -XPOST "https://<central-vip>/api/juniper/sd/csp-web/database-initialize" -H 'Content-Type: application/json' -H 'Accept: application/json' -H "X-Auth-Token: token
Bug Tracking Number: CXU-31446
On an on-premise Installation, the Contrail Analytics Node (CAN) fails to install because of which CSO installation is failing.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42965
If a cloud hub is used by two tenants, one with public key infrastructure (PKI) authentication enabled and other with preshared key (PSK) authentication enabled, the commit configuration operation fails. This is because only one IKE gateway can point to one policy and if you define a policy with a certificate then the preshared key does not work.
Workaround: Ensure that the tenants sharing a cloud hub use the same type of authentication (either PKI or PSK) as the cloud hub device.
Bug Tracking Number: CXU-23107
If UTM Web-filtering categories are installed manually (by using the request system security UTM web-filtering category install command from the CLI) on an NFX150 device, the intent-based firewall policy deployment from CSO fails.
Workaround: Uninstall the UTM Web-filtering category that you installed manually by executing the request security utm web-filtering category uninstall command on the NFX150 device and then deploy the firewall policy.
Bug Tracking Number: CXU-23927
If SSL proxy is configured on a dual CPE device and if the traffic path is changed from one node to another node, the following issue occurs:
For cacheable applications, if there is no cache entry the first session might fail to establish.
For non-cacheable applications, the traffic flow is impacted.
Workaround: None.
Bug Tracking Number: CXU-25526
On a site with an NFX250 device and EX Series switch, the EX Series switch is not detected if there are no LAN segments.
Workaround: Onboard the site with at least one LAN segment.
Bug Tracking Number: CXU-38960
On an on-premise installation, when deploying a port profile configuration fails on an EX4650 switch, CSO displays the management status of the site with EX4650 switch as provisioned even though the zero-touch provisioning (ZTP) job fails on the switch.
Workaround: Ensure that no port profile is deployed on an EX4650 switch during ZTP.
Bug Tracking Number: CXU-42181
Zero-touch provisioning of an EX Series switch fails if you add the switch behind an enterprise hub.
Workaround: For onboarding an EX Series switch behind an enterprise hub, manually configure the Stage-1 configuration on the switch.
Bug Tracking Number: CXU-38994
When you perform ZTP on more than one enterprise hub at the same time, ZTP for one or the other enterprise hub may fail.
Workaround: Perform ZTP on enterprise hubs one after other; that is, after the ZTP of the first enterprise hub completes successfully. You can also retry executing the failed ZTP job.
Bug Tracking Number: CXU-42985
ZTP of an SRX1500 dual CPE fails when there are more than eight LAN interfaces to be configured on the CPE.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42937
CSO GUI must not allow the onboarding of new spoke sites unless provider hubs (OAM_ONLY and OAM_AND_DATA) are upgraded to CSO Release 5.1.1.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-43123
When onboarding a next-generation firewall and switch, the CSO GUI may temporarily show that provisioning the firewall as failed when a license is not present, though the ZTP task completes and the site is provisioned.
Workaround: Refresh the page to view the final status of onboarding the next-generation firewall.
Bug Tracking Number: CXU-43024
While configuring a site with an NFX Dual CPE cluster, if you delete the site while the bootstrap process is in progress, the bootstrap process does not fail, but the ZTP process of the devices fail.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-43022
While configuring an SD-WAN site with an EX switch, the VLAN value is not saved when you enable CPE ports for configuring the VLAN.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-43365
Provisioning an SRX340 device as next-generation firewall by using CSO is failing when Junos OS 19.3R2 is installed on the device.
Workaround: In the device templates for SRX Series devices, disable the AUTO_INSTALL_DEFAULT_TRUSTED_CERTS_TO_DEVICE option in Device Template before ZTP.
Bug Tracking Number: CXU-43362
App Visibility functionality for NFX250 and NFX150 Hybrid WAN Managed Internet CPE may not work as expected because application tracking is not enabled by default.
Workaround: Enable application-tracking through device configuration from the CSO UI. Go to Devices, select an NFX250 or NF150 site, and then select Configuration > Zones > Edit Untrust Zone, and select the Application-Tracking check box and deploy the configuration.
Bug Tracking Number: CXU-37713
When a WAN link that is configured with DHCP is used as a DVPN tunnel endpoint, a change in the DHCP IP address of the WAN link causes the DVPN tunnel to be down.
Workaround: Delete the DVPN tunnel from the Resources > Resource Name > WAN tab and create a new tunnel.
Bug Tracking Number: CXU-36761
The display name field of the monitor object deleted alarm shows the UUID of deleted sites instead of the name of the site.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-36367
In next-generation firewall sites with LAN, the recall of EX2300 and EX3400 devices with the zeroize option does not work. This issue occurs because EX2300 and EX3400 do not support the zeroize option.
Workaround: Manually clean up the EX2300 and EX3400 devices.
Bug Tracking Number: CXU-35208
For Hybrid sites that use NFX150 or NFX250 CPE, you cannot use default configuration templates to configure physical interfaces, zones, or routing instances.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-35021
You cannot filter the device ports for SRX Series devices while adding an on-premise spoke site or while adding a switch.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-32826
UTM Web filtering fails at times even though the Enhanced Web Filtering (EWF) server is up and online.
Workaround: From the device, configure the EWF Server with the IP address 116.50.57.140 as shown in the following example:
root@SRX-1# set security utm feature-profile web-filtering juniper-enhanced server host 116.50.57.140
Bug Tracking Number: CXU-32731
After you do an RMA of a spoke device, the LAN segment fails to connect to the enterprise hub.
Workaround: Reboot the spoke device.
Bug Tracking Number: CXU-35379
On the Shared Objects page, if you edit a custom application or application group settings, the firewall policies or SD-WAN policies are marked as Pending Deployment even though there are no changes to the policies.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-38706
When you configure and deploy IPS on the firewall rule, IDP does not detect the attacks and processes the traffic on an NFX150 device with Junos OS Release 18.2X85-D12 when a dynamic application is configured.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-38388
If you create or delete a DVPN tunnel, you cannot reach the LAN interface on the SRX Series device.
Workaround: Reboot the spoke or execute the following commands and then roll back the changes.
set groups dept-configuration interfaces ge-0/0/4 vlan-tagging
set groups dept-configuration interfaces ge-0/0/5 vlan-tagging
Bug Tracking Number: CXU-35379
If you click a specific application on the Resources > Sites Management > WAN tab > Top applications widget, the Link Performance widget does not display any data.
Workaround: You can view the data from the Monitoring >Application Visibility page or Monitoring >Traffic Logs page.
Bug Tracking Number: CXU-39167
While adding a spoke site if you add and associate one or more departments with one or more LAN segments, sometimes the department's VRF tables might not be created at the enterprise hub. This causes the enterprise hub's 0/0 (default) route to be missing in the spoke site department's VRF tables.
Workaround: Delete and redeploy the LAN segments.
Bug Tracking Number: CXU-37770
On a newly installed CSO setup, core files are generated in the CAN virtual machines (VMs).
Workaround: No workaround. However, to see whether the processes are running as expected, check the Contrail Status in all the dockers.
Bug Tracking Number: CXU-41338
When DVPN tunnels (GRE_IPSEC tunnels) are established between a pair of SRX3XX devices that have Internet WAN links behind NAT, the GRE OAM status of the tunnels is displayed as DOWN and hence the tunnels are marked as DOWN and not usable for traffic.
Workaround : Disable the GRE OAM keepalive configuration to make the tunnel usable for traffic.
Bug Tracking Number: CXU-41281
The health check in the CAN node fails while you run the deploy.sh script on the startup server during the HA deployment. This is because the Kafka process is inactive in one of the CAN nodes.
Workaround:
If all the components are healthy, then proceed with the installation.
Bug Tracking Number: CXU-41232
Alarms are not getting generated if the date and time is not in sync with the NTP server.
Workaround: CSO and devices must be NTP-enabled. Make sure CSO and device time are in sync.
Bug Tracking Number: CXU-40815
UTM Web filtering is not supported in the active-active SRX
Series chassis cluster. The UTM Web filter will be up only on one
node of the cluster. The up status depends on which node was able
to setup connection to the cloud server from the PFE directory.
Workaround: None
Bug Tracking Number: CXU-32738
The bootstrap process remains in the In Progress state because the phone-home server fails to receive the bootstrap completion notification from the phone-home client.
Workaround: Reconfigure the name server and the phone-home server (https://redirect.juniper.net), and restart the phone-home client.
Bug Tracking Number: CXU-41449
Signature database installation might fail for an SRX Series device, with the following error message:
Application signature version 3229 install failed for device 4100HAEH. Error copy on device/node failed : file copy /tmp/application_groups2.xml.gz node0:/var/db/idpd/nsm-download/application_groups2.xml.gz error: put-file failed error: could not send local copy of file {primary:node0} cspuser@4100HAEH.4100HAEH
Workaround: Run the following commands as the root user on the device shell:
chmod -R 777 /var/db/idpd/nsm-download
chmod -R 777 /var/db/appid/sec-download
For dual CPE devices, you must run these commands on node 0 and node 1.
Bug Tracking Number: CXU-41678
The firewall policy deployment fails if the system has more than 10,000 addresses.
Workaround: In the elasticsearch.yml file, update the index.max_result_window parameter to 20000.
Bug Tracking Number: CXU-41678
The bootstrap job for a device remains in the In Progress state for a considerable time. This is because CSO fails to receive the bootstrap completion notification from the device.
Workaround: If the bootstrap job is in the In Progress state for more than 10 minutes, add the following configuration to the device:
set system phone-home server https://redirect.juniper.net
Bug Tracking Number: CXU-35450
After Network Address Translation (NAT), only one DVPN tunnel is created between two spoke sites if the WAN interfaces (with link type as Internet) of one of the spoke site have the same public IP address.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-41210
You cannot edit a device profile for an NFX150 device.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-41719
On an SRX Series device, the deployment fails if you use the same IP address in both the Global FW policy and the Zone policy.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-41259
The deployment of the MariaDB pod fails if you are installing CSO on an installation server or a startup server.
Workaround: Redeploy the MariaDB pod by running the deploy script again.
Bug Tracking Number: CXU-41734
In case of an AppQoE event (packet drop or latency), the application may not switch to the best available path among the available links.
Workaround: Reboot the device.
Bug Tracking Number: CXU-41922
You cannot delete a LAN segment in a site that is associated with an EX Series standalone switch.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-41907
While you are using a remote console for a tenant device, if you press the Up arrow or the Down arrow, then instead of the command history irrelevant text (that includes the device name and the tenant name) appears on the console.
Workaround. To clear the irrelevant text, press the down arrow key a few times and then press Enter.
Bug Tracking Number: CXU-41666
While you are editing a tenant, if you modify Tenant-owned Public IP Pool under Advanced Settings (optional), then the changes that you made to the Tenant-owned Public IP pool field are not reflected after the completion of the edit tenant operation job.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-41139
The TAR file installation of a distributed deployment fails. This issue occurs if the version of the bare-metal server that you are using is later than the recommended version.
Workaround: You must install the python-dev script before running the deploy-sh script.
After you extract the CSO TAR file on the bare-metal server:
Navigate to the /etc/apt directory and execute the following commands:
cp sources.list sources.list.cso
cp orig-sources.list sources.list
Install the python2.7-dev script by running the following commands:
apt-get update && apt-get install python2.7-dev
cp sources.list.cso sources.list
Navigate to the /root/Contrail_Service_Orchestration_5.1.0 folder and then
run the deploy.sh script.
Bug Tracking Number: CXU-41845
The Users page continues to display the name of the user that you deleted. This is because the Users page is not automatically refreshed.
Workaround: Manually refresh the page.
Bug Tracking Number: CXU-41793
After ZTP of an NFX Series device, the status of some tunnels are displayed as down. This issue occurs if you are using the subnet IP address192.168.2.0 on WAN links, which causes an internal IP address conflict.
Workaround: Avoid using the 192.168.2.0 subnet on WAN links.
Bug Tracking Number: CXU-41511
Image upgrade on a SRX4X00 cluster fails as the ISSU upgrade command throws an error due to real-time performance monitoring (RPM) configuration.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-39491
When you downgrade the Junos OS installed on an SRX cluster with SRX4100 or SRX4200 devices from Junos OS Release 19.3R2 to Junos OS Release 15.1X49D172, CSO is unable to reach the devices in the cluster.
Workaround: Perform the following steps:
The devices in the cluster reboot after the chassis cluster is disabled.
Bug Tracking Number: CXU-42851
CSO displays the status of a job to delete a next-generation firewall site as failed when the site is actually removed from the CSO UI.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42202
CPE devices must be loaded with the following Junos OS image versions before the devices are activated to reduce ZTP time:
SRX: Junos OS Release 19.3R2-S1
NFX150: Junos OS Release 19.3R2-S1
NFX250: Junos OS Release 18.4R3
Workaround: There is no known workaround.
Bug Tracking Number: CXU-42703
On the CSO GUI, in the LAN tab of a next-generation firewall site with a LAN switch, when you click the arrow icon next to a LAN segment, the ports displayed in the Switch Ports field disappear.
Workaround: Hover over the “+<number of ports>” link in the Switch Ports column to view the list of ports on the LAN.
Bug Tracking Number: CXU-42608
Service chaining should not be allowed in an NFX150 CPE device when there are no core CPUs available to span new virtual network functions.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-40765
When you install the secondary node license on an SRX1500 dual CPE cluster, the installation fails.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-43085
Installation of license on an SRX4200 Dual CPE cluster by using CSO is failing.
Workaround: Install the licenses manually. To install the licenses manually:
root@node0>request system license add /var/tmp/<node0-license-file.txt>
root@node0>file copy /var/tmp/<node1-license-file.txt>
root@node1>request system license add /var/tmp/<node1-license-file.txt>
Bug Tracking Number: CXU-40522
When the operational state of an NFX250 device changes from down to up (for example, after a software upgrade), k up with NFX250 reboot, an EX Series switch, if present behind it, may not send an DHCP request and may stay in operation state down.
Workaround: Manually execute the request dhcp client renew all command on the EX Series switch.
Bug Tracking Number: CXU-39127