Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Known Issues

This section lists known issues in Juniper Networks CSO Release 6.3.0.

SD-WAN

  • Using NAT rule configuration command, when you configure an IP address with an invalid prefix on an SRX/USF platform, configuration fails with the error message Configured address is not the network address of the prefix ' '. This issue occurs during Junos OS upgrade to Junos OS 22.2R1 or 22.1R1.

    Workaround: Correct NAT IP address configuration before upgrade.

    Bug Tracking Number: PR 1623658

  • In case of SRX3xx chassis cluster, data tunnels on secondary node are reported as down. Traffic continues to flow through tunnels connected to the primary node.

    Workaround: There is no known workaround.

    Bug Tracking Number: PR 157491

  • When an SD-WAN controller is down or not reachable from CSO, you cannot delete a site or tenant from CSO.

    Workaround: Recover the SD-WAN controller and retry deleting the site or tenant.

    Bug Tracking Number: CXU-43724

  • When configuring a DVPN tunnel between two devices, if one device is not functional while the other is functional, the DVPN tunnel should not be configured on the device that is functional.

    Workaround: If a DVPN tunnel is configured on the functional device, delete the tunnel manually.

    Bug Tracking Number: CXU-46188

  • VNFs are not coming up in NFX150 running on Junos OS Release 19.3R2-S3 due to non availability of the required number of CPUs.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-49268

  • If you are an OpCo administrator and edit the OAM and CONTROL traffic profiles after your tenants have deployed SD-WAN policy intents, then the changes are not immediately applied on your tenant devices.

    Workaround: The changes are applied to the device only when your tenants redeploy the SD-WAN policy.

    Bug Tracking Number: CXU-52482

  • You must specify the same value for the Loss Priority field on the SLA Profile page and the Traffic Type Profile page; otherwise, the Loss Priority parameter might not be applied during the traffic congestions.

    Workaround: Ensure that you specify the same value for the Loss Priority field on the SLA Profile and Traffic Type Profile pages.

    Bug Tracking Number: CXU-52516

  • CSO does not create tunnels in redundant sparse mode between primary and backup WAN links. The WAN links added as redundant sparse links must be either backup links or primary links in both the sites.

    Workaround:

    • To connect a branch site to its parent enterprise hub: On the site edit screen, disable the Use Mesh Tags to Connect Ehub option, enable the Connects to Enterprise Hubs option, and manually select the end points.
    • To connect a branch site to another branch site: Edit the mesh tags so that one overlay tunnel is formed over each WAN link.

    Bug Tracking Number: CXU-59071

  • Traffic does not flow from the primary to the secondary enterprise hub if the CSO version is different on both the hubs.

    Workaround: Ensure that the CSO version is the same on both the hubs.

    Bug Tracking Number: CXU-58666

High Availability

  • On an SRX4200 chassis cluster, LAN segment with aggregated interface with LLDP enabled fails.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-54985

  • In some cases, when you upgrade a dual CPE site from CSO Release 6.1.0 to 6.3.0, the Link Redundancy option is not displayed for an LTE link.

    Workaround: Delete the LTE link and add it back again.

    Bug Tracking Number: CXU-62304

Security Management

  • On NFX150 and NFX250 devices, firewall policies are not applied automatically after RMA.

    Workaround: After the RMA is done, you must apply the policy configurations again after adding the necessary licenses, certificates, and signatures.

    Bug Tracking Number: CXU-51335

  • If UTM Web-filtering categories are installed manually (by using the request system security UTM web-filtering category install command from the CLI) on an NFX150 device, the intent-based firewall policy deployment from CSO fails.

    Workaround: Uninstall the UTM Web-filtering category that you installed manually by executing the request security utm web-filtering category uninstall command on the NFX150 device and then deploy the firewall policy.

    Bug Tracking Number: CXU-23927

  • When you try to deploy a firewall policy with the destination application as none, the deployment fails with the error message junos-defaults should be configured along with dynamic-application.

    Workaround: Create the firewall policy with the destination application as none, service as any, and deploy the policy.

    Bug Tracking Number: CXU-60302

Site and Tenant Workflow

  • Remote console from the CSO GUI to an SRX4200 or SRX1500 device sometimes uses Read-Write user even if Read-only option was selected while launching the remote console.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57051

  • If service provisioning job for a site is in progress, you should not attempt Edit Site or Delete Site operation.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-53721

  • When the non-preferred link-type for an application transitions from SLA violated to SLA met, during the time when the non-preferred link-type is being used. The application flow does not transition to preferred link type even if it is available. This happens till the time non-preferred link-type again transitions to SLA violated.

    Workaround: Bounce the non-preferred link type.

    Bug Tracking Number: CXU-55353

  • Site edit might fail in case of conflicting user defined templates deployed on the device.

    Workaround: Undeploy the user defined templates prior to edit operations and re-deploy the user defined templates post edit.

    Bug Tracking Number: CXU-55399

  • When you enable Local Internet Breakout (LBO) on the WAN by using site edit workflow, the underlay traffic might drop.

    Workaround: Deploy new firewall policy post WAN edit operation.

    Bug Tracking Number: CXU-53095

  • If you delete an SD-WAN intent on a site that has a modelled LAN segment, then the configuration is not deleted from the device.

    Workaround: Deploy or delete the modelled LAN segment.

    Bug Tracking Number: CXU-59863

  • When you deploy multiple LAN segments with or without DHCP, then the LAN interface is missing from the device which has DHCP enabled.

    Workaround: Edit the LAN segment to include the LAN interface and redeploy the LAN segment

    Bug Tracking Number: CXU-61714

General

  • The show class-of-service interface <ifl> command does not show the correct CoS profiles when the command is applied using wildcard configurations.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57580

  • Zoom calls will be shown under zoom-voice-video or not as zoom-voice and zoom video due to platform dependency.

    Workaround: There is no known workaround.

    Bug Tracking Number: PR1589933

  • When a power failure occurs, CAN becomes unhealthy.

    Workaround: Contact customer support.

    Bug Tracking Number: CXU-58306

  • Configuration template deployment for common-dnssplit-hub on hub and common-dnssplit-spoke on site might fail.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-54299

  • Bootstrap job waits until it tries for a few times to send the bootstrap complete message to CSO. After the bootstrap job fails from CSO side, it tries to connect to CSO on the device side, and then the ZTP job starts.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57280

  • If more than one alarm of the type Chassis/Fan/PEM/Control_board/ RE/Configuration/License/Temperature is active on the device, only one alarm is shown in the CSO GUI summarizing with a count mentioned in the alarm description.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-57280

  • On an SRX4600 device, the same 40G (et) interface can be shared with two WAN links only if both the WAN interfaces are VLAN tagged. If any one of the WAN interface is untagged, the deployment fails.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-58158

  • Load recovery configuration fails with *warning: The cso_telemetry_agent package is not allowed by the candidate configuration. message if the device or site is reused without deleting from CSO.

    Workaround: Run the command, request system software delete cso_telemetry_agent on the device, and then initate the commit of recovery configuration.

    Bug Tracking Number: CXU-57924

  • When a Spoke's Primary-EHUB (EHUB1) is not site-upgraded and Secondary-EHUB (EHUB2) is site-upgraded, then traffic from Spoke to Secondary-EHUB Datacenter may not work.

    Workaround: You can do one of the following:

    • Upgrade both the Primary and Secondary EHUB.
    • Advertise same routes from both Primary and Secondary E-Hub Datacenter, then traffic continues to take the Primary Datacenter.

    Bug Tracking Number: CXU-58124

  • In some cases, bootstrap job is not triggered if SRX ZTP is executed over LTE WAN link with factory default configuration. On SRX345 devices running CSO, ZTP fails with factory-default configuration if the internet connectivity is through the LTE interface.

    Workaround: Run the delete chassis auto-image-upgrade command from the factory-default configuration and commit.

    Bug Tracking Number: PR 1569595

  • On NFX150 Series devices, Class of Service (CoS) does not work for PPP interface.

    Workaround: There is no known workaround.

    Bug Tracking Number: PR 1581489

  • Even after you change the Site name by using site-edit option, some of the job logs might still refer to the old site-name. However, this does not affect the service.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-54355

  • You should not select OPCO name in SRX-HUB-BREAKOUT template and deploy. The template deployment fails in such cases.

    Workaround: You should remove the OPCO name selected in in SRX-HUB-BREAKOUT template and redeploy the template.

    Bug Tracking Number: CXU-54312

  • On an SRX Series device, the deployment fails if you use the same IP address in both the Global FW policy and the Zone policy.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-41259

  • When you upgrade the image for SRX4200 dual CPE device, the job status is displayed as Success even though the reboot is in progress for the secondary node.

    Workaround: Check the status of the cluster and the FPC status on the primary node before proceeding with any other activity on the CPE device.

    Bug Tracking Number: CXU-52974

  • Ubuntu service chaining instance fails on NFX150.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-52512

  • On SRX dual CPEs, configuration template deployment for APN fails.

    Workaround: Deploy the APN profile manually on the SRX devices.

    Bug Tracking Number: CXU-61341

  • On the Customer Portal dashboard, the IP: Top Users by Session widget does not display the name of the authenticated user when a user-specific firewall policy is deployed.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-61255

  • The SSL proxy policy deployment job fails with the error Unable to get cert type for certid: DEFAULT_RootCA.

    Workaround: Log in to the device CLI, and execute the following command in the operational mode: request security pki ca-certificate ca-profile-group load ca-group-name ca-default filename default

    Bug Tracking Number: CXU-61418

  • Overlapping firewall policy intents might cause a reordering of all policy intents.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-62297

  • If you delete a user listed as a source in a firewall policy intent from the Active Directory database, then CSO does not mark the policy for deployment (that is, status is not marked as pending or redeployment).

    Workaround: Update and deploy the firewall policy manually.

    Bug Tracking Number: CXU-62279

  • Cannot clone a pre-defined IPS signature.

    Workaround: There is no known workaround.

    Bug Tracking Number: CXU-62310

  • The number of csv files in the /tmp folder on secmgt-monitoring pods increases over a period of time resulting in increased disk space utilization of microservices VMs.

    Workaround: Monitor/partition the VMs. If the utilization crosses 85%, contact Juniper support.

    Bug Tracking Number: CXU-60792

  • API dumps of pslam, tssm, and routing manager causes increased disk space utilization of microservices VMs.

    Workaround: Monitor/partition the VMs. If the utilization crosses 85%, contact Juniper support.

    Bug Tracking Number: CXU-60718

  • Infrastructure upgrade might fail due to Cassandra database corruption in one contrail_analytics node.

    Workaround: Contact Juniper support.

    Bug Tracking Number: CXU-62336

  • While upgrading to CSO Release 6.3.0, BGP connections between VRR and CPE flap, resulting in traffic loss.

    Workaround: Before you start the upgrade procedure:

    1. Extract the installer package. For example, if the name of the installer package is Contrail_Service_Orchestration_6.3.0.tar.gz

    2. Navigate to the Contrail_Service_Orchestration_6.3.0 directory.

    3. Remove the csp-routing-manager option from the ms_execution_sequence file.

    4. Verify that the csp-routing-manager option is removed from the ms_execution_sequence file.

      Bug Tracking Number: CXU-62419

Network Management and Monitoring

  • You cannot retrieve syslogs through streaming services for sites running CSO 6.0.0 and earlier releases.

    Workaround: Ensure that all the sites in your network are running CSO Release 6.1.0. or later releases.

    Bug Tracking Number: CXU-61787

  • At times, alarms might not be cleared automatically.

    Workaround: Verify if the alarm is valid by verifying the state on the device. If the alarm is not valid, go to the Alarms page (Monitor > Monitoring Settings> Alarms), select the alarm, and click Clear to manually clear the alarm.

    Bug Tracking Number: CXU-62202