Known Behavior
To avoid a BEAST TLS 1.0 attack, whenever you log in to Junos Space through a browser tab or window, make sure that the tab or window was not previously used to access a non-HTTPS website. The best practice is to close your browser and relaunch it before logging in to Junos Space.
- Starting from Junos Space Network Management Platform Release 18.1R1 onwards, to view and edit firewall policies, users must have permissions or roles corresponding to all the attributes present under the Firewall Policies and Shared Objects predefined roles. Go to Network Management Platform>Role Based Access Control>Roles to view and assign the relevant roles.
- Tag names can be alphanumeric strings. The tag name can also contain underscores, hyphens,
and spaces. However, a tag name must not:
- Exceed 255 characters
- Start with a space
- Contain special characters such as commas, double quotation marks, or parentheses.
Note:“Untagged” is a reserved term and, therefore, you cannot create a tag with this name.
- The right-click menu is not available on the Import Licenses (Administration > Licenses > Import License) page. You can use either the browser menu options or the keyboard shortcuts to copy and paste onto the page.
- Device-initiated connections to Junos Space can have different IP addresses from those listed in Junos Space. For example, if you use a loopback address to discover a device, you can source the SSH session of the device from its interface address (Junos OS default behavior is to select the default address) instead. This can lead to firewall conflicts.
- When a remote user with the FMPM Manager role uses the API to access Junos Space Platform, the user details are not updated in the /opt/opennms/etc/users.xml file.
- You might observe the following limitations on the Topology page:
- The tooltip on the node displays the status as Active/Managed even when the node is down.
- For an SRX Series cluster, topology links are displayed only for the primary member of the cluster and not for the secondary member.
- When unified in-service software upgrade (ISSU) is performed from the Manage Operations workflow, the Routing Engines are not rebooted. The Routing Engines must be manually rebooted for the image to be loaded.
- For LSYS (logical, nonroot) devices, when there are pending out-of-band changes on the root device, the Resolve out-of-band changes menu option is disabled for those child LSYS devices, even though Device Managed Status displays Device Changed. This is by design.
- RMA is not supported on devices running ww Junos OS, and devices that are not running Junos OS.
- Script Manager supports only Junos OS Release 10.x and later.
- A stage device script or image supports only devices running Junos OS Release 10.x and later.
- For unified ISSU support for both device-initiated and Junos Space-initiated dual Routing Engine connections, we strongly recommend that you configure the virtual IP (VIP) on the dual Routing Engine device. Dual Routing Engine devices without VIP configuration are not fully supported on Junos Space.
- In a single node or multiple nodes, changes to the user (for example, password, roles, and disable or enable user) take effect only at the next login.
- Looking Glass functionality is not supported on logical systems.
- For devices running Junos OS Release 12.1 or later, the following parameters do not
display any data in the Network Monitoring workspace because the corresponding MIB objects
have been deprecated:
- jnxJsSPUMonitoringFlowSessIPv4
- jnxJsSPUMonitoringFlowSessIPv6
- jnxJsSPUMonitoringCPSessIPv4
- jnxJsSPUMonitoringCPSessIPv6
- jnxJsNodeSessCreationPerSecIPv4
- jnxJsNodeSessCreationPerSecIPv6
- jnxJsNodeCurrentTotalSessIPv4
- jnxJsNodeCurrentTotalSessIPv6
- For SNMPv3 traps, if more than one trap setting is configured in the
/opt/opennms/etc/trapd-configuration.xml file, then the
security-name attribute for the snmpv3-user element
must be unique for each configuration entry. If a unique security-name
attribute is not provided, then SNMP traps are not received by Network Monitoring.
The following is a sample snippet of the /opt/opennms/etc/trapd-configuration.xml file with two configuration entries:
<?xml version="1.0"?> <trapd-configuration snmp-trap-port="162" new-suspect-on-trap="false"> <snmpv3-user security-name="Space-SNMP-1" auth-passphrase="abcD123!" auth-protocol="MD5"/> <snmpv3-user security-name="Space-SNMP-2" auth-passphrase="abcD123!" auth-protocol="MD5" privacy-passphrase="zyxW321!" privacy-protocol="DES"/> </trapd-configuration>
- On the Network Monitoring > Node List > Node page, the ifIndex parameter is not displayed for IPv6 interfaces if the version of Junos OS running on the device is Release 13.1 or earlier. This is because IPv6 MIBs are supported only on Junos OS Release 13.2 and later.
-
When you modify the IP address of a Fault Monitoring and Performance Monitoring (FMPM) node using the Junos Space CLI, the FMPM node is displayed on the Fabric page but cannot be monitored by Junos Space Platform because of a mismatch in the certificate.
Workaround: After modifying the IP address of the FMPM node using the Junos Space CLI, generate a new certificate on the Junos Space VIP node and copy the certificate to the FMPM node by executing the following scripts on the Junos Space VIP node:
-
curl -k https://127.0.0.1:8002/cgi-bin/createCertSignReq.pl? ip='fmpm-node-ip'\&user='admin'\&password='password'
-
curl -k https://127.0.0.1:8002/cgi-bin/authenticateCertification.pl? ip='fmpm-node-ip'\&user='admin'\&password='password'\&mvCertToDestn='Y'
where fmpm-node-ip is the IP address of the FMPM node and password is the administrator's password.
-
-
When you execute a script and click the View Results link on the Script Management Job Status page, the details of the script execution results are displayed up to a maximum of 16,777,215 characters; the rest of the results are truncated.
This might affect users who execute the show configuration command on devices with large configurations or if the output of a Junos OS operational command (executed on a device) is large.
- When you configure a Junos Space fabric with dedicated database nodes, the Junos Space Platform database is moved from the Junos Space nodes to the database nodes. You cannot move the database back to the Junos Space nodes.
- For a purging policy triggered by a cron job:
- If the Junos Space fabric is configured with MySQL on one or two dedicated database nodes, the database backup files and log files (mainly in the /var/log/ directory with the filenames *.log.*, messages.*, or SystemStatusLog.*) are not purged from the dedicated database nodes.
- If the Junos Space fabric is configured with one or two FMPM nodes, the log files (mainly in the /var/log/ directory with the filenames *.log.*, messages.*, or SystemStatusLog.*) are not purged from the FMPM nodes.
- If Network Monitoring receives two traps within the same second—that is, one for a trigger alarm and another for a clear alarm—then the triggered alarm is not cleared because the clear alarm is not processed by Network Monitoring.
-
If you use Internet Explorer versions 8.0 or 9.0 to access the Junos Space Platform GUI, you cannot import multiple scripts or CLI Configlets at the same time.
Workaround: Use Internet Explorer Version 10.0 or later, or use a different supported browser (Mozilla Firefox or Google Chrome) to import multiple scripts or CLI Configlets at the same time.
- If you access the Junos Space Platform UI in two tabs of the same browser with two different domains selected and access the same page in both tabs, the information displayed on the page is based on the latest domain selected. To view pages that are accessible only in the Global domain, ensure that you are in the Global domain in the most recent tab in which you are accessing the UI.
- If you select the Add SNMP configuration to device check box on the Administration > Applications > Modify Network Management Platform Settings page and discover a device whose trap target is updated, clicking Resync Node from the Network Monitoring workspace does not reset the trap target for the device.
- If you clear the Add SNMP configuration to device check box on the Administration > Applications > Modify Network Management Platform Settings page, the trap target is not set for the device during device discovery and resynchronizing node operations.
- If you want to perform a global search by using partial keywords, append “*” to the search keywords.
- To perform a partial keyword search on tags on the Tags page (Administration > Tags) or the Apply Tags dialog box (right-click a device on the Device Management page and select Tag It), append * to the search keyword.
- Internet Explorer slows down because some scripts can take an excessive amount of time to run. The browser prompts you to decide whether to continue running the slow script. see http://support.microsoft.com/kb/175500 for instructions on how to fix this issue.
- When you switch from Space as system of record mode to Network as system of record mode, devices with the Managed Status Device Changed or Space & Device Changed are automatically synchronized after 900 seconds. To reduce this time period, modify the Polling time period secs setting for Network Management Platform (Administration > Applications > Modify Application Settings) to a lower value such as 150 seconds.
- In Space as System of Record (SSoR) mode on Junos Space, when a new authentication key is generated, devices discovered and managed using RSA keys whose management status is Device Changed move to the Key Conflict Authentication status. To resolve the conflict on the devices and bring them back to a key-based state, upload the RSA keys manually (Devices > Upload Keys to Devices).
-
The EnterpriseDefault (uei.opennms.org/generic/trap/EnterpriseDefault) event appears on the Events page in the Network Monitoring workspace only if there is no associated event definition for a received event. To create the required event definition, compile the MIB corresponding to the object ID (OID). You can find the OID by reviewing the details of the EnterpriseDefault event.
For more information about compiling SNMP MIBs, see Compiling SNMP MIBs.
- When a physical hard drive is removed from a Junos Space hardware appliance (JA2500) or a logical hard drive is degraded, the corresponding SNMP traps (jnxSpaceHardDiskPhysicalDriveRemoved and jnxSpaceHardDiskLogicalDeviceDegraded respectively) are generated and displayed as events in the Network Monitoring workspace. Later, when the physical hard drive is reinserted, the corresponding events (jnxSpaceHardDiskPhysicalDriveAdded and jnxSpaceHardDiskLogicalDeviceRebulding) are generated and displayed in the Network Monitoring workspace; however, the alarms previously raised for the removal of the physical hard drive are not cleared automatically. You can clear these alarms manually, if required. The alarms for the reinsertion of the physical hard drive are automatically cleared after a few minutes because they are of the Normal type.
-
If the administrator password for a Fault Monitoring and Performance Monitoring (FMPM) node is modified using the Junos Space CLI, the disaster recovery with the FMPM node fails and new users added in Junos Space (after the password is modified) are not synchronized to the FMPM node. This is because the modified administrator password is not automatically updated in the Junos Space MySQL database.
To ensure that the synchronization to the FMPM node takes place, you must run the /var/www/cgi-bin/changeSpecialNodepassword.pl script so that the modified FMPM node password is updated in the Junos Space MySQL database. The syntax for the script is as follows: /var/www/cgi-bin/changeSpecialNodePassword.pl fmpm-node-ip fmpm-node-password, where fmpm-node-ip is the IP address of the FMPM node, and fmpm-node-password is the modified password for the FMPM node.
- If you clear the Add SNMP configuration to device check box (on the Modify Network Management Platform Settings page under Administration > Applications > Network Management Platform > Modify Application Settings) and discover devices, and subsequently select the Add SNMP configuration to device check box and resynchronize nodes (Network Monitoring > Node List > Resync Nodes), the SNMPv2 trap target is updated on the devices.
- If you discover devices with the SNMP probing enabled, the correct version of the SNMP
trap target is updated on the devices for the following cases:
- When you modify the virtual IP (VIP) address or the device management interface IP address
- When a separate interface for device management is configured and there is a failover of the VIP node
- When you add or delete a Fault Monitoring and Performance Monitoring (FMPM) node
- When you discover devices when the Network Monitoring service is stopped and subsequently start the Network Monitoring service and resynchronize nodes (Network Monitoring > Node List > Resync Nodes)
In all other cases, the default SNMP trap target (SNMPv2) is updated on the devices. If needed, you can use the predefined SNMPv3 Configlets (CLI Configlets > CLI Configlets) to update the trap settings on the device.
- In Junos Space Platform Release 16.1R1, Network Monitoring supports only a single set of SNMPv3 trap parameters.
- In Junos Space Platform Release 16.1R1, you cannot modify the trap settings for the SNMPv3 manager on the Network Monitoring GUI. You can modify the trap settings manually in the /opt/opennms/etc/trapd-configuration.xml file. After modifying the trap settings manually, restart the Network Monitoring service.
- With default SNMPv3 trap settings, the discovery of devices running worldwide Junos OS (wwJunos OS devices) fails as the default SNMPv3 trap settings cannot be updated to wwJunos OS devices because wwJunos OS devices do not support privacy settings.
- The setting to manage objects from all assigned domains can be enabled globally for all users by selecting the Enable users to manage objects from all allowed domains in aggregated view check box in the Domains section of the Modify Application Settings page (Administration > Applications > Network Management Platform > Modify Application Settings). Alternatively, you can enable the setting to manage objects from all assigned domains at the user level by selecting the Manage objects from all assigned domains check box on the Object Visibility tab of the Change User Settings dialog box, which appears when you click the User Settings (gear) icon on the Junos Space banner.
- The Juniper Networks Device Management Interface (DMI) schema repository (https://xml.juniper.net/) does not currently
support IPv6. If you are running Junos Space on an IPv6 network, you can do one of the
following:
- Configure Junos Space to use both IPv4 and IPv6 addresses and download the DMI schema by using the Junos Space Platform Web GUI.
- Download the DMI schema by using an IPv4 client and update or install the DMI schema by using the Junos Space Web GUI.
- If you are planning on expanding the disk space for nodes in a Junos Space fabric (cluster) comprising of virtual appliances, you must first expand the disk space on the VIP node and ensure that the VIP node has come up (the status of the JBoss and MySQL services must be “Up”) before initiating the disk expansion on the other nodes in the fabric. If you fail to do this, it might cause fabric instability and you might be unable to access to the Junos Space GUI.
- In a Junos Space fabric with two or more nodes configured with both IPv4 and IPv6 addresses (dual stack), the communications between all nodes in the fabric must be enabled for both IPv4 and IPv6 addresses.
- The Network Monitoring Topology feature is not supported on Internet Explorer.
- If the network connectivity at the active disaster recovery site is down and the active site cannot connect to sufficient arbiter devices after resuming network connectivity, both sites become standby disaster recovery sites. Execute the jmp-dr manualFailover -a command at the VIP node of the active disaster recovery site to convert the original site to the active site and start the disaster recovery process.
- When you are discovering devices running the worldwide Junos OS (ww Junos OS devices), ensure that you wait at least 10 minutes after the Add Adapter job for the device worldwide Junos adapter has completed successfully before triggering the device discovery.
- A new pattern (requested 'commit synchronize' operation) is added to the syslog pattern in Junos Space Release 16.1R2. During the syslog registration after a device is discovered or connects back to Junos Space following a Junos Space upgrade from Release 16.1R1 to 16.1R2, the (requested 'commit synchronize' operation) pattern is added to the syslog patterns on the device. When you issue the commit synchronize command, Junos Space automatically resynchronizes only those devices that have the (requested 'commit synchronize' operation) pattern added to the syslog patterns.
- If you are using Internet Explorer to access the Junos Space Network Platform UI and need to copy the job ID value from the Job ID field of the Job Management page, you must click outside the job ID text to start the selection.
- After you upgrade Junos Space Platform from Release 16.1R1 to 17.1R1, the Last Reboot Reason field on the Administration > Fabric > View Node Detail > Reboot Detail page shows the value as Reboot from Shell/Other instead of Space reboot after Software Upgrade.
- If the device IP could not be verified, the Add Unmanaged Devices action fails.