Known Issues
This section lists known issues in Juniper Networks CSO Release 6.2.0.
SD-WAN
- In case of SRX3xx chassis cluster, data tunnels on secondary node are reported as down. Traffic continues to flow through tunnels connected to the primary node.
Workaround: There is no known workaround.
Bug Tracking Number: PR 157491
- When an SD-WAN controller is down or not reachable from CSO, you cannot delete a site or
tenant from CSO.
Workaround: Recover the SD-WAN controller and retry deleting the site or tenant.
Bug Tracking Number: CXU-43724
- When configuring a DVPN tunnel between two devices, if one device is not functional while
the other is functional, the DVPN tunnel should not be configured on the device that is
functional.
Workaround: If a DVPN tunnel is configured on the functional device, delete the tunnel manually.
Bug Tracking Number: CXU-46188
- VNFs do not come up on NFX150 devices running Junos OS Release 19.3R2-S3 because the
required number of CPUs is not available.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-49268
- If you are an OpCo administrator and edit the OAM and CONTROL traffic profiles after your
tenants have deployed SD-WAN policy intents, then the changes are not immediately applied on
your tenant devices.
Workaround: The changes are applied to the device only when your tenants redeploy the SD-WAN policy.
Bug Tracking Number: CXU-52482
- You must specify the same value for the Loss Priority field on the SLA Profile page and
the Traffic Type Profile page; otherwise, the Loss Priority parameter might not be applied
during traffic congestion.
Workaround: Ensure that you specify the same value for the Loss Priority field on the SLA Profile and Traffic Type Profile pages.
Bug Tracking Number: CXU-52516
- CSO does not create tunnels in redundant sparse mode between primary and backup WAN links.
The WAN links added as redundant sparse links must be either backup links or primary links
in both the sites.
Workaround:
- To connect a branch site to its parent enterprise hub: On the site edit screen, disable the Use Mesh Tags to Connect Ehub option, enable the Connects to Enterprise Hubs option, and manually select the end points.
- To connect a branch site to another branch site: Edit the mesh tags so that one overlay tunnel is formed over each WAN link.
Bug Tracking Number: CXU-59071
- Traffic does not flow from the primary to the secondary enterprise hub if the CSO version is different on both the hubs.
Workaround: Ensure that the CSO version is the same on both the hubs.
Bug Tracking Number: CXU-58666
High Availability
- On an SRX4200 chassis cluster, LAN segment with aggregated interface with LLDP enabled
fails.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-54985
Security Management
- On NFX150 and NFX250 devices, firewall policies are not applied automatically after
RMA.
Workaround: After the RMA is done, you must apply the policy configurations again after adding the necessary licenses, certificates, and signatures.
Bug Tracking Number: CXU-51335
- If UTM Web-filtering categories are installed manually (by using the request system security UTM web-filtering category install command from the CLI) on an NFX150 device, the intent-based firewall policy deployment from CSO fails.
Workaround: Uninstall the UTM Web-filtering category that you installed manually by executing the request security utm web-filtering category uninstall command on the NFX150 device and then deploy the firewall policy.
Bug Tracking Number: CXU-23927
- When you try to deploy a firewall policy with the destination application as none, the deployment fails with the error message "junos-defaults should be configured along with dynamic-application".
Workaround: Create the firewall policy with the destination application as none, service as any, and deploy the policy.
Bug Tracking Number: CXU-60302
Site and Tenant Workflow
- Remote console from the CSO GUI to an SRX4200 or SRX1500 device sometimes uses the Read-Write
user even if the Read-only option was selected while launching the remote console.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-57051
- If a service provisioning job for a site is in progress, you should not attempt an Edit Site or Delete Site operation.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-53721
- When the non-preferred link type for an application transitions from SLA violated to SLA
met while the non-preferred link type is being used, the application flow does not
transition to the preferred link type even if it is available. This continues until the
non-preferred link type again transitions to SLA violated.
Workaround: Bounce the non-preferred link type.
Bug Tracking Number: CXU-55353
- Site edit might fail in case of conflicting user defined templates deployed on the
device.
Workaround: Undeploy the user defined templates prior to edit operations and re-deploy the user defined templates post edit.
Bug Tracking Number: CXU-55399
- When you enable Local Internet Breakout (LBO) on the WAN by using site edit workflow, the
underlay traffic might drop.
Workaround: Deploy new firewall policy post WAN edit operation.
Bug Tracking Number: CXU-53095
- If you delete an SD-WAN intent on a site that has a modelled LAN segment, then the
configuration is not deleted from the device.
Workaround: Deploy or delete the modelled LAN segment.
Bug Tracking Number: CXU-59863
General
- When upgrading a vSRX cluster, only the primary node of the cluster is upgraded.
Workaround: Upgrade each node in the cluster individually, using the steps below:
- Initiate an image deploy job on the device to upgrade the current primary node (node0). After the image deployment is completed and node0 is rebooted, the secondary node (node1) takes over as the primary node.
- Initiate another image deployment job on the device to upgrade the new primary node (node1).
Bug Tracking Number: CXU-59997
- The show class-of-service interface <ifl> command does not show the correct CoS profiles when the command is applied using wildcard configurations.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-57580
- Zoom calls are shown under zoom-voice-video, not as zoom-voice and zoom video, due to
platform dependency.
Workaround: There is no known workaround.
Bug Tracking Number: PR1589933
- When a power failure occurs, CAN becomes unhealthy.
Workaround: Contact customer support.
Bug Tracking Number: CXU-58306
- Configuration template deployment for common-dnssplit-hub on hub and common-dnssplit-spoke
on site might fail.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-54299
- The bootstrap job waits until it has tried a few times to send the bootstrap complete
message to CSO. After the bootstrap job fails from the CSO side, it tries to connect to CSO
on the device side, and then the ZTP job starts.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-57280
- If more than one alarm of the type Chassis/Fan/PEM/Control_board/RE/Configuration/License/Temperature
is active on the device, only one summarizing alarm is shown in the CSO GUI, with a count
mentioned in the alarm description.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-57280
- On an SRX4600 device, the same 40G (et) interface can be shared with two WAN links only if
both the WAN interfaces are VLAN tagged. If any one of the WAN interfaces is untagged, the
deployment fails.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-58158
- Load recovery configuration fails with the message "warning: The cso_telemetry_agent package
is not allowed by the candidate configuration." if the device or site is reused without
deleting from CSO.
Workaround: Run the request system software delete cso_telemetry_agent command on the device, and then initiate the commit of recovery configuration.
Bug Tracking Number: CXU-57924
- When a Spoke's Primary-EHUB (EHUB1) is not site-upgraded and Secondary-EHUB (EHUB2) is
site-upgraded, then traffic from Spoke to Secondary-EHUB Datacenter may not
work.
Workaround: You can do one of the following:
- Upgrade both the Primary and Secondary EHUB.
- Advertise same routes from both Primary and Secondary E-Hub Datacenter, then traffic continues to take the Primary Datacenter.
Bug Tracking Number: CXU-58124
- In some cases, bootstrap job is not triggered if SRX ZTP is executed over LTE WAN link
with factory default configuration. On SRX345 devices running CSO, ZTP fails with
factory-default configuration if the internet connectivity is through the LTE
interface.
Workaround: Run the delete chassis auto-image-upgrade command from the factory-default configuration and commit.
Bug Tracking Number: PR 1569595
- On NFX150 Series devices, Class of Service (CoS) does not work for PPP interface.
Workaround: There is no known workaround.
Bug Tracking Number: PR 1581489
- Even after you change the Site name by using site-edit option, some of the job logs might
still refer to the old site-name. However, this does not affect the service.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-54355
- You should not select OPCO name in SRX-HUB-BREAKOUT template and deploy. The template
deployment fails in such cases.
Workaround: You should remove the OPCO name selected in the SRX-HUB-BREAKOUT template and redeploy the template.
Bug Tracking Number: CXU-54312
- On an SRX Series device, the deployment fails if you use the same IP address in both the
Global FW policy and the Zone policy.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-41259
- Tenant owned Public IP Pool can be edited until the first SD-WAN site is onboarded in that
tenant. After you onboard an SD-WAN site, Tenant owned Public IP Pool cannot be
edited.
Bug Tracking Number: CXU-41139
- When you upgrade the image for SRX4200 dual CPE device, the job status is displayed as
Success even though the reboot is in progress for the secondary node.
Workaround: Check the status of the cluster and the FPC status on the primary node before proceeding with any other activity on the CPE device.
Bug Tracking Number: CXU-52974
- Ubuntu service chaining instance fails on NFX150.
Workaround: There is no known workaround.
Bug Tracking Number: CXU-52512