Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Troubleshooting Policy Enforcer and SRX Series device Enrolment Issues

 

To resolve Policy Enforcer and SRX Series device enrolment issues, you must do the following:

  • Check if Policy Enforcer and Security Director are on the same version.

  • Use supported SRX Series or EX Series devices.

  • SRX Series or EX Series device must be running supported Junos OS Release. For more information, see Supported Devices.

  • Check for SRX Series supported feature against the Model Cloud feed, SkyATP and so on.

  • Check for SRX Series premium, basic, or free license and supported features.

  • For SRX550M, SRX340, or SRX345 models, use set security forwarding-process enhanced-services-mode command.

    Note

    Above command requires device reboot, therefore plan the downtime.

  • Junos Space should have matching schema as per device Junos version.

  • Check that the device is not enrolled directly via SLAX script. If enrolled, then disenroll the device.

  • To check if the device is directly enrolled to SkyATP or enrolled via Policy Enforcer.

    For example

  • When you start enrolling the device to realm <RPC> job is triggered in Security Director and this is visible only for SkyATP and SkyATP with SDSN mode Policy Enforcer deployment.

  • For SDSN to work, make sure that the topologies should be as per Supported Topologies. End host connection should be Access Port and other interconnecting ports should be Trunk Port.