Open Issues

Learn about the known issues for Connected Security Distributed Services (CSDS) Architecture in this release.

• In JDM, intermittently, the command request csds extract-vsrx-keys csds-instance-id 0 fails with the error message Extracting VSRX keys failed on vnf0. PR1846684.

• In Multinode High Availability solution, IPsec VPN tunnel distribution table on the Routing Engine (RE) is not cleaned up, leading to the SRX Series Firewall Packet Forwarding Engine (PFE) coredump although DPD is configured. PR1850526

• In Multinode High Availability solution with SRG1 IPsec VPN configuration, the layer 3 Interchassis link (ICL) IPsec encryption link goes down permanently after rebooting the connected router through which the ICL was established. During this state, the IKE process got stuck at ~70% on the Multinode High Available active node. PR1850967.

• The uid of jnuadmin changes when you delete and then add back the JNU configuration. PR1854326.

• Intermittently, when the schema.tar.gz failed to secure copy (scp) from the satellite to the controller, the jnud process continues synchronizing with the MX Series controller. PR1854356.

• In Multinode High Availability solution, the ICL link encryption must be used for connection between the pub-broker and sub-broker with loopback interface IP addresses to avoid IPsec session synchronization failure between the master and backup Multinode High Availability nodes. PR1840788.

• In Multinode High Availability solution with SRG1 IPsec VPN configuration, the command show chassis high-availability information shows SRG1 control plane state as Ready although the ICL connection between the Pub-Broker and Sub-broker is not established properly and the IPsec sessions are getting synchronized between the master and standby peers. PR1840803.