Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Known Issues

 

This section lists known issues in Juniper Networks CSO Release 6.1.0.

SD-WAN

  • L3 and L4 SD-WAN Intent deployment is successful on CSO 6.0.0 sites, even though it is not supported on CSO 6.0.0 sites.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57796

  • Use create specific custom Address (L3) objects in the intent rules. The default value, Any* is not working as expected due to platform issue for SD-WAN traffic steering context.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57868

  • WAN underlay link Throughput-Over-Time graph does not show proper data for SRX4600 single CPE site.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-58035

  • In case of SRX3xx chassis cluster, data tunnels on secondary node are reported as down. Traffic continues to flow through tunnels connected to the primary node.

    Workaround: There is no known workaround.

    Bug Tracking Number: PR 1574912

  • When an SD-WAN controller is down or not reachable from CSO, you cannot delete a site or tenant from CSO.

    Workaround: Recover the SD-WAN controller and retry deleting the site or tenant.

    Bug Tracking Number: CXU-43724

  • When configuring a DVPN tunnel between two devices, if one device is not functional while the other is functional, the DVPN tunnel should not be configured on the device that is functional.

    Workaround: If a DVPN tunnel is configured on the functional device, delete the tunnel manually.

    Bug Tracking Number: CXU-46188

  • VNFs are not coming up in NFX150 running on Junos OS Release 19.3R2-S3 due to non availability of the required number of CPUs.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-49268

  • If you are an Opco administrator and edit the OAM and CONTROL traffic profiles after your tenants have deployed SD-WAN policy intents, then the changes are not immediately applied on your tenant devices.

    Workaround: The changes are applied to the device only when your tenants redeploy the SD-WAN policy.

    Bug Tracking Number: CXU-52482

  • You must specify the same value for the Loss Priority field on the SLA Profile page and the Traffic Type Profile page; otherwise, the Loss Priority parameter might not be applied during the traffic congestions.

    Workaround: Ensure that you specify the same value for the Loss Priority field on the SLA Profile and Traffic Type Profile pages.

    Bug Tracking Number: CXU-52516

High Availability

  • On an SRX4200 chassis cluster, LAN segment with aggregated interface with LLDP enabled fails.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-54985

Security Management

  • On SRX345, SRX4100, SRX1500, and NFX150 devices, the recovery configuration is loaded after recalling them from CSO.

    Workaround: Manually load the recovery configuration from /config/recovery.conf or load the base configuration or factory default configuration to proceed with the next ZTP.

    Bug Tracking Number: CXU-58142

  • On NFX150 and NFX250 devices, firewall policies are not applied automatically after RMA.

    Workaround: After the RMA is done, you must apply the policy configurations again after adding the necessary licenses, certificates, and signatures.

    Bug Tracking Number: CXU-51335

  • If UTM Web-filtering categories are installed manually (by using the request system security UTM web-filtering category install command from the CLI) on an NFX150 device, the intent-based firewall policy deployment from CSO fails.

    Workaround: Uninstall the UTM Web-filtering category that you installed manually by executing the request security utm web-filtering category uninstall command on the NFX150 device and then deploy the firewall policy.

    Bug Tracking Number: CXU-23927

Site and Tenant Workflow

  • Remote console from the CSO GUI to an SRX4200 or SRX1500 device sometimes uses Read-Write user even if Read-only option was selected while launching the remote console.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57051

  • If service provisioning job for a site is in progress, you should not attempt Edit Site or Delete Site operation.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-53721

  • When the non-preferred link-type for an application transitions from SLA violated to SLA met, during the time when the non-preferred link-type is being used. The application flow does not transition to preferred link type even if it is available. This happens till the time non-preferred link-type again transitions to SLA violated.

    Workaround: Bounce the non-preferred link type.

    Bug Tracking Number: CXU-55353

  • Site edit might fail in case of conflicting user defined templates deployed on the device.

    Workaround: Undeploy the user defined templates prior to edit operations and re-deploy the user defined templates post edit.

    Bug Tracking Number: CXU-55399

  • When you enable Local Internet Breakout (LBO) on the WAN by using site edit workflow, the underlay traffic might drop.

    Workaround: Deploy new firewall policy post WAN edit operation.

    Bug Tracking Number: CXU-53095

General

  • Cores observed on SRX4xxx or SRX1500 platforms when you upgrade the cluster image from Junos OS Release 20.2 to Junos OS Release 20.4.

    Workaround: Contact Juniper Technical Support team.

    Bug Tracking Number: CXU-58632

  • The show class-of-service interface <ifl> command does not show the correct CoS profiles when the command is applied using wildcard configurations.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57580

  • Zoom calls will be shown under zoom-voice-video or not as zoom-voice and zoom video due to platform dependency .

    Workaround: There is no known workaround.

    Bug Tracking Number: PR1589933

  • When a power failure occurs, CAN becomes unhealthy.

    Workaround: Contact Juniper Technical Support team.

    Bug Tracking Number: CXU-58306

  • Configuration template deployment for common-dnssplit-hub on hub and common-dnssplit-spoke on site might fail.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-54299

  • Bootstrap job waits until it tries for a few times to send the bootstrap complete message to CSO. After the bootstrap job fails from CSO side, it tries to connect to CSO on the device side, and then the ZTP job starts.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57280

  • If more than one alarm of the type Chassis/Fan/PEM/Control_board/ RE/Configuration/License/Temperature is active on the device, only one alarm is shown in the CSO GUI summarizing with a count mentioned in the alarm description.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57515

  • On an SRX4600 device, the same 40G (et) interface can be shared with two WAN links only if both the WAN interfaces are VLAN tagged. If any one of the WAN interface is untagged, the deployment fails.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-58158

  • Load recovery configuration fails with *warning: The cso_telemetry_agent package is not allowed by the candidate configuration. message if the device or site is reused without deleting from CSO.

    Workaround: Run the command, request system software delete cso_telemetry_agent on the device, and then initate the commit of recovery configuration.

    Bug Tracking Number: CXU-57924

  • When a Spoke's Primary-EHUB (EHUB1) is not site-upgraded and Secondary-EHUB (EHUB2) is site-upgraded, then traffic from Spoke to Secondary-EHUB Datacenter may not work.

    Workaround: You can do one of the following:

    • Upgrade both the Primary and Secondary EHUB.

    • Advertise same routes from both Primary and Secondary E-Hub Datacenter, then traffic continues to take the Primary Datacenter.

    Bug Tracking Number: CXU-58124

  • In some cases, bootstrap job is not triggered if SRX ZTP is executed over LTE WAN link with factory default configuration. On SRX345 devices running CSO, ZTP fails with factory-default configuration if the internet connectivity is through the LTE interface.

    Workaround: Run the delete chassis auto-image-upgrade command from the factory-default configuration and commit.

    Bug Tracking Number: PR 1569595

  • On NFX150 Series devices, Class of Service (CoS) does not work for PPP interface.

    Workaround: There is no known workaround.

    Bug Tracking Number: PR 1581489

  • Even after you change the Site name by using site-edit option, some of the job logs might still refer to the old site-name. However, this does not affect the service.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-54355

  • You should not select OPCO name in SRX-HUB-BREAKOUT template and deploy. The template deployment fails in such cases.

    Workaround: You should remove the OPCO name selected in in SRX-HUB-BREAKOUT template and redeploy the template.

    Bug Tracking Number: CXU-54312

  • On an SRX Series device, the deployment fails if you use the same IP address in both the Global FW policy and the Zone policy.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-41259

  • Tenant owned Public IP Pool can be edited until the first SD-WAN site is onboarded in that tenant. After you onboard an SD-WAN site, Tenant owned Public IP Pool cannot be edited.

    Bug Tracking Number: CXU-41139

  • When you upgrade the image for SRX4200 dual CPE device, the job status is displayed as Success even though the reboot is in progress for the secondary node.

    Workaround: Check the status of the cluster and the FPC status on the primary node before proceeding with any other activity on the CPE device.

    Bug Tracking Number: CXU-52974

  • Ubuntu service chaining instance fails on NFX150.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-52512