Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Troubleshooting Image, License, and Policy Deployment Issues

Unable to find device image version

Problem

Description

How do I find my device image version without console access to the device?

Solution

Use the J-Web interface to find the device image version.

To access the J-Web interface of the device:

  1. Connect your laptop or workstation to any port (except ge-0/0/0) that is available on the device.

  2. Enable DHCP on the laptop or workstation and acquire the IP address and gateway information from the device.

  3. Use the gateway address (also known as the device address) in the Web browser to connect to the J-Web interface.

  4. Log in with the default username root. As the root user, you don’t need a password to log in.

    The Welcome page appears displaying the device image version.

Upgrade device image using J-Web

Problem

Description

Device image version is 15.1X49-D110; how do I upgrade the device image before site onboarding?

Solution

Use the J-Web interface to upgrade the device image.

To upgrade the device image using J-Web:

  1. Download the recommended image or the software version from the Juniper Networks website to your local machine.

  2. Log in to the J-Web interface.

  3. Select Maintain > Software > Upload Package.

  4. Navigate to the device image file location and select the file.

  5. Click Upload and Install Package to upgrade the device image.

Unable to connect to the device

Problem

Description

I am not able to log in to the device through the J-Web interface or through the device console. How do I proceed?

Solution

Press and hold the Reset Config button on the device for 15 seconds. Wait for two minutes for the device to restore the factory-default settings. Log in to the device as the root user (no password is required for the root user). If you are still not able to access the device, then reboot the device.

Policy deployment failed

Problem

Description

Policy deployment failed; how do I proceed?

Solution

Verify the device connectivity to the Internet. Retry the policy deployment.

No data for next-generation firewall site

Problem

Description

Application Visibility Monitoring page shows no data for the next-generation firewall site; how do I proceed?

Solution

Do the following:

  • Verify that your network firewall allows the UDP port 514.

  • Verify the application visibility monitoring page after multiple application sessions (in the time range of 3–5 minutes) traffic.

  • Use an appropriate time interval for the query. For example, if you are querying for the traffic sent in the last 10 minutes, then try using a 15-minute query (minimum time interval).

No data for SD-WAN site

Problem

Description

Application visibility and WAN performance data on the Site Management page shows no data for the SD-WAN site; how do I proceed?

Solution

Do the following:

  • Verify the application visibility and WAN performance data after multiple application sessions (in the time range of 3-5 minutes) traffic.

  • Use an appropriate time interval for the query. For example, if you are querying for the traffic sent in the last 10 minutes, then try using a 15-minute query (minimum time interval).

Traffic from Spoke Sites Are Dropped or Are Not Reaching Internet or Destination

Problem

Description

Traffic from spoke sites are dropped or are not reaching the Internet or their specified destinations.

Solution

  1. Verify the alerts for overlay or underlay connections, and check whether BGP is active.

    Log in to Administration portal, and select Monitor > Alerts and Alarm > Alerts.

  2. Check whether the firewall policies are successfully deployed to the CPE device and that the traffic or applications are matching the policies to permit the traffic to Internet or to other sites.

    In Administration Portal, select Sites > Site-Name > Policies.

    Or log in to the CPE device and verify that the next-generation firewall policies are deployed.

  3. Check the routes in the default VRF route table in the CPE device.

  4. Trace the route and verify the reachability from the hub to the destination. If the hub cannot reach the Internet, then verify whether the firewall and NAT policies are set up properly in the hub.

  5. For further troubleshooting, collect the logs and output results and contact Juniper Networks Technical Support team.