Known Behavior
This section lists the known behavior in Policy Enforcer Release 23.1R1.
- An error may be displayed in the Status column on the vCenter Task pane when deploying vSRX in host-based mode for east-west traffic. To overcome this resource pool error, you must enable DRS mode on the cluster in which you deploy the vSRX device.
- When you open the vSRX console through vCenter, ignore the displayed warning.
- You can associate a tenant with only one VRF instance.
- In a realm, either all sites have tenants or all sites are without tenants.
- Tenants and VRF-based feeds are supported only on MX Series devices.
- To take action on the feeds from Policy Enforcer, you must configure policies on the MX Series device through the CLI and not from Security Director.
- To upload certificates for Policy Enforcer that are to be used in the certificate-based authentication mode of Junos Space, Junos Space must be in password authentication mode while you complete the Policy Enforcer settings workflow. You can switch the mode to certificate-based authentication after the Policy Enforcer settings are completed.
- Policy Enforcer supports only the default global domain in Junos Space Network Management.
- When you create a connector for third-party devices, you must add at least one IP subnet to the connector. You cannot complete the configuration without adding a subnet.
- If you replace a device as part of RMA and that device is already in secure fabric, you must remove the device from secure fabric and add it again. Otherwise, feeds are not downloaded to the replaced device.
- ATP Appliance zone creation or assignment cannot be done in the General Setup Wizard.
- Ensure that the time difference between the ATP Appliance and the SRX Series devices is less than 20 seconds to avoid enrollment failure.
- When the vSRX device is disenrolled from ATP Appliance and enrolled again, you might see the device shown twice on the Feed Sources page in Security Director.
- When the feed source is JATP, you must change the Infected host state in the ATP Appliance portal. There are no Dashboard widgets in Security Director to show the ATP Appliance-related threats or Infected hosts.
- During the ATP Appliance enrollment, a message may state that the Juniper ATP Cloud license is not present. You can ignore this warning.
- For SRX Series devices in a chassis cluster, both the primary and secondary chassis cluster nodes need to be discovered in Security Director before you add them to secure fabric. If only one chassis cluster node is discovered and added to secure fabric, the feed download does not work after failover to the secondary node.