Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Troubleshooting Image, License, and Policy Deployment Issues

 

Unable to find device image version

Problem

Description: How do I find my device image version without console access to the device?

Solution

Use the J-Web interface to find the device image version.

To access the J-Web interface of the device:

  1. Connect your laptop or workstation to any port (except ge-0/0/0) that is available on the device.
  2. Enable DHCP on the laptop or workstation and acquire the IP address and gateway information from the device.
  3. Use the gateway address (also known as the device address) in the Web browser to connect to the J-Web interface.
  4. Log in with the default username root. As the root user, you don’t need a password to log in.

    The Welcome page appears displaying the device image version.

Upgrade device image using J-Web

Problem

Description: Device image version is 15.1X49-D110; how do I upgrade the device image before site onboarding?

Solution

Use the J-Web interface to upgrade the device image.

To upgrade the device image using J-Web:

  1. Download the recommended image or the software version from the Juniper Networks website to your local machine.
  2. Log in to the J-Web interface.
  3. Select Maintain > Software > Upload Package.
  4. Navigate to the device image file location and select the file.
  5. Click Upload and Install Package to upgrade the device image.

Unable to connect to the device

Problem

Description: I am not able to log in to the device through the J-Web interface or through the device console. How do I proceed?

Solution

Press and hold the Reset Config button on the device for 15 seconds. Wait for two minutes for the device to restore the factory-default settings. Log in to the device as the root user (no password is required for the root user). If you are still not able to access the device, then reboot the device.

Device image version is different from the recommended version

Problem

Description: The device image version at the site is 15.1X49D110, but the recommended image version is 15.1X49D170.x. Should I upgrade the device image manually before site onboarding?

Solution

You don't’ need to upgrade the device image manually before site onboarding. You can do either of the following:

  • Upgrade the device image during site activation in CSO—While you are in the site configuration or onboarding workflow, select the device image from the drop-down list.

    Note

    Device image upgrade during site activation delays the site activation process.

  • Upgrade the device image post site activation in CSO—Navigate to Resources > Images, select the image, and click Deploy.

LAN Switch image version is different from the recommended version

Problem

Description: LAN switch (EX Switch) image version is lower-numbered version than the recommend version. Can I proceed with onboarding the site?

Solution

Use the recommend image version for the device.

Policy deployment failed

Problem

Description: Policy deployment failed; how do I proceed?

Solution

Verify the device connectivity to the Internet. Retry the policy deployment.

No data for next-generation firewall site

Problem

Description: Application Visibility Monitoring page shows no data for the next-generation firewall site; how do I proceed?

Solution

Do the following:

  • Verify that your network firewall allows the UDP port 514.

  • Verify the application visibility monitoring page after multiple application sessions (in the time range of 3–5 minutes) traffic.

  • Use an appropriate time interval for the query. For example, if you are querying for the traffic sent in the last 10 minutes, then try using a 15-minute query (minimum time interval).

No data for SD-WAN site

Problem

Description: Application visibility and WAN performance data on the Site Management page shows no data for the SD-WAN site; how do I proceed?

Solution

Do the following:

  • Verify the application visibility and WAN performance data after multiple application sessions (in the time range of 3-5 minutes) traffic.

  • Use an appropriate time interval for the query. For example, if you are querying for the traffic sent in the last 10 minutes, then try using a 15-minute query (minimum time interval).

Traffic from Spoke Sites Are Dropped or Are Not Reaching Internet or Destination

Problem

Description: Traffic from spoke sites are dropped or are not reaching the Internet or their specified destinations.

Solution

  1. Verify the alerts for overlay or underlay connections, and check whether BGP is active.

    Log in to Administration portal, and select Monitor > Alerts and Alarm > Alerts.

  2. Check whether the firewall policies are successfully deployed to the CPE device and that the traffic or applications are matching the policies to permit the traffic to Internet or to other sites.

    In Administration Portal, select Sites > Site-Name > Policies.

    Or log in to the CPE device and verify that the next-generation firewall policies are deployed.

  3. Check the routes in the default VRF route table in the CPE device.
  4. Trace the route and verify the reachability from the hub to the destination. If the hub cannot reach the Internet, then verify whether the firewall and NAT policies are set up properly in the hub.
  5. For further troubleshooting, collect the logs and output results and contact Juniper Networks Technical Support team.

Problem

Description: The original link is recovered after a service-level agreement (SLA) violation but the application traffic does not switch back to the original link.

Solution

Applications change links only on an SLA violation, because applications are not tied to a specific link and are based on SLA type, such as path preference or link performance metrics.

Problem

Description: All WAN links are up but not all links are being utilized.

Solution

It is possible that all SD-WAN policies can select the same WAN link if they match the SLAs. If the CPE receives a lot of matching and non-matching application traffic for SD-WAN policies, but not all WAN links are being used, then ensure the following:

  1. Check that the CPE device receives multiple flows per application.
  2. Check that all the WAN overlays are up (IPsec, GRE) in the CPE device and the hub device.
  3. Check the SLA performance data or real-time performance monitoring (RPM) probe results in the CPE device for all links.

    Log in to the Administration Portal, and select Monitor > Applications > SLA Performance.