Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation  Back up to About Overview 

Download This Guide

Known Behavior

This section contains the known behavior and limitations in Junos Space Security Director Release 17.2R1.

  • You must disable OpenNMS before installing the integrated Log Collector.

    To disable OpenNMS:

    1. Select Network Management Platform > Administration > Applications.

      The Applications page appears.

    2. Right-click Network Management Platform and select Manage Services.

      The Manage Services page appears.

    3. Select Network Monitoring and click the Stop Service icon.

      The network monitoring service is stopped and the status is changed to Disabled.

    Note: You must ensure that the Junos Space Network Management Platform and Security Director are already installed on a JA2500 or virtual machine.

  • The Enable preview and import device change option is disabled by default. To enable this option, select Network Management Platform > Administration > Applications. Right-click Security Director and select Modify Application Settings. Under Update Device, select the Enable preview and import device change option.
  • If you restart the JBoss application server manually in a six-node setup one-by-one, the Junos Space Network Management Platform and the Security Director user interfaces are launched, within 20 minutes, and the device reconnects to the Junos Space Network Management Platform. You can edit and publish the policies. When the connection status and the configuration status of all devices are UP and IN SYNC, respectively, click Update Changes to update all security-specific configurations or pending services on SRX Series devices.
  • To generate reports in the local time zone of the server, you must modify /etc/sysconfig/clock to configure the time zone. Changing the time zone on the server by modifying /etc/localtime is not sufficient.
  • After installing the Policy Enforcer Release 17.1 OVA image, you must manually start the following service commands:
    	service sd_event_listener start
	service ssh_listener start
  • If NSX-VSRX devices are managed in Security Director Release 17.1R1 and Policy Enforcer Release 17.1R1, then after upgrading to Security Director Release 17.1R2 and Policy Enforcer Release 17.1R2, the user has to login to the Policy Enforcer server using ssh and run the following command:

    cd /var/lib/nsxmicro

    ./migrate_devices.sh

    This script will migrate the existing Release 17.1R1 NSX-VSRX devices into the currently compatible Release 17.1R2.

  • If the NSX server SSL certificate has expired or changed, Security Director-to-NSX communication will not work and it will impact the functionality of the NSX, such as sync NSX inventory, security group update, and so on.

    You should refresh the NSX SSL certificate by performing the following:

    1. Log in to Policy Enforcer using SSH.
    2. Run the command:

      nsxmicro_refresh_ssl --server <<NSX IP ADDRESS>>--port 443

      This script gets the latest NSX SSL certificate and stores it for Security Director-to-NSX communication.

Modified: 2017-12-24

Previous Page Next Page