Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 

Known Issues

  • If you create a firewall policy and deploy it to the device, and subsequently create one or more firewall policy intents without re-deploying the policy, the firewall policy is automatically deployed to the device when there's a change in the topology, such as the addition of a new site, department, or LAN segment.

    Workaround: Create firewall policy intents when you intend to deploy them to the device and re-deploy the policy. [CXU-15794]

  • In a HA setup, the time configured for the CAN VMs might not be synchronized with the time configured for the other VMs in the setup. This can cause issues in the throughput graphs.


    1. Log in to can-vm1 as root.
    2. Modify the /etc/ntp.conf file to point to the desired NTP server.
    3. Restart the NTP process.

    After the NTP process restarts successfully, can-vm2 and can-vm3 automatically re-synchronize their times with can-vm1.


  • On NFX Series devices, Touch Provisioning (ZTP) fails when you commit the stage-1 configuration when no VLAN is configured. [CXU-13446]
  • If you create VNF instances in the Contrail cloud by using Heat Version 2.0 APIs, a timeout error occurs after 120 instances are created.

    Workaround: If you want to create more than 120 instances (up to a maximum of 500 instances), use the Heat Version 1.0 APIs instead.

  • SD-WAN policies are incorrectly deployed automatically when signatures are not installed. [CXU-14799]
  • Rebooting the central infrastructure node might result in redis clusters not restarting properly.


    1. Log in to the central microservices node as root.
    2. At the shell prompt, run the kubectl get pods | grep secmgt-sm command to get the names of the security management pods that did not come up.
    3. Restart each pod by executing the kubectl delete pods secmgt-podname command.


  • If any nodes are in the “not ready” state while deploying micro services, some docker pods might not come up in the “running” state.

    Workaround: Log in to the VM that is having the problem and restart the docker service by executing the sudo service docker restart command. [CXU-16541]

  • Automatic Policy deployments on new Site addition (for example, auto NAT, firewall, SD-WAN) can sometimes fail due to trusted certificate installations on the device happening in parallel.

    Workaround: To redeploy the failed job, open the Configuration > Deployments > History window, select the failed job and click Re-Deploy. [CXU-16652]

  • When you delete a site, a certificate installation job is triggered and may fail. This does not cause any functionality issues and you can ignore the job failure message.

    Workaround: None. [CXU-16553]

  • Docker devicemapper data file size can increase and fill up your disk space, causing your VMs to go into a pause state.

    Workaround: None [CXU-16485]

Modified: 2017-12-18