Download This Guide
Known Issues
- If you create a firewall policy and deploy it to the device,
and subsequently create one or more firewall policy intents without
re-deploying the policy, the firewall policy is automatically deployed
to the device when there's a change in the topology, such as the addition
of a new site, department, or LAN segment.
Workaround: Create firewall policy intents when you intend to deploy them to the device and re-deploy the policy. [CXU-15794]
- In a HA setup, the time configured for the CAN VMs might
not be synchronized with the time configured for the other VMs in
the setup. This can cause issues in the throughput graphs.
Workaround:
- Log in to can-vm1 as root.
- Modify the /etc/ntp.conf file to point to the desired NTP server.
- Restart the NTP process.
After the NTP process restarts successfully, can-vm2 and can-vm3 automatically re-synchronize their times with can-vm1.
[CXU-15681]
- On NFX Series devices, Touch Provisioning (ZTP) fails when you commit the stage-1 configuration when no VLAN is configured. [CXU-13446]
- If you create VNF instances in the Contrail cloud by using
Heat Version 2.0 APIs, a timeout error occurs after 120 instances
are created.
Workaround: If you want to create more than 120 instances (up to a maximum of 500 instances), use the Heat Version 1.0 APIs instead.
- SD-WAN policies are incorrectly deployed automatically when signatures are not installed. [CXU-14799]
- Rebooting the central infrastructure node might result
in redis clusters not restarting properly.
Workaround:
- Log in to the central microservices node as root.
- At the shell prompt, run the kubectl get pods | grep secmgt-sm command to get the names of the security management pods that did not come up.
- Restart each pod by executing the kubectl delete pods secmgt-podname command.
[CXU-16307]
- If any nodes are in the “not ready” state
while deploying micro services, some docker pods might not come up
in the “running” state.
Workaround: Log in to the VM that is having the problem and restart the docker service by executing the sudo service docker restart command. [CXU-16541]
- Automatic Policy deployments on new Site addition (for
example, auto NAT, firewall, SD-WAN) can sometimes fail due to trusted
certificate installations on the device happening in parallel.
Workaround: To redeploy the failed job, open the Configuration > Deployments > History window, select the failed job and click Re-Deploy. [CXU-16652]
- When you delete a site, a certificate installation job
is triggered and may fail. This does not cause any functionality issues
and you can ignore the job failure message.
Workaround: None. [CXU-16553]
- Docker devicemapper data file size can increase and fill
up your disk space, causing your VMs to go into a pause state.
Workaround: None [CXU-16485]