Skip to content


  • Route leak defined by reference to another VRF is not supported. Route leak with the policy is supported.
  • Juniper devices cannot be discovered using a root account. Such an account does not go straight to the CLI prompt. Please use a non-root account instead.

Known Affected platforms: Juniper SRX300

Description: show ethernet-switching interface detail can cause infinite loop output


Version 3.1.1 and earlier.

  • Endless command execution can cause device control plane overutilization issues that might also affect other control plane protocol operations (e.g. BFD). Further, it increases the time of IPF device/network discovery and can result in not discovering the device and gathering information from it.
  • We recommend removing such devices from the scope of IPF discovery (putting these devices to discovery exclude list).

Version 3.1.2 and above

  • Command show ethernet-switching interfaces detail is no longer used and was substituted by other commands including show ethernet-switching interfaces. Further show ethernet-switching interfaces command is only executed on devices discovered as EX or QFX switches.

Known Affected platforms: SRX, MX

Description: show ntp associations no-resolve command timeouts


Known Affected platforms: ALL - valid for version 3.1.1 and earlier

Description: The platform doesn’t discover Juniper devices with the root login. The root enters the shell prompt (%) and not the operational mode directly.


Version 3.1.1 and earlier - the root login cannot be used for discovery.

Version 3.1.2 and above - the root login may be used for discovery.

Known Affected platforms: ALL

Description: The Link-Layer Discovery Protocol (LLDP) links are not displayed in diagrams.

Result: To display LLDP links in diagrams correctly, the IP address of the neighbor has to be present in show lldp neighbor interface xx-x/x/x command. The IP address is present only when configured with the set lldp management-address xx.xx.xx.xx command in the configuration mode. More at:

Known Affected platforms: ALL

Description: Information gathered from running-config doesn’t reflect apply-groups.

Result: Some information gathered from running-config might be missing. Since version 6.3 tasks Zone Firewall, NAT44 and ACL aren’t affected, other tasks like SNMP and Syslog are still affected. More at:

Known Affected platforms: All

Description: fw ctl pstat command requires admin rights

Result: Without this command collected no memory utilization will be present

Known Affected platforms: ALL

Description: Routing table doesn’t reflect ECMP settings. Information is gathered with show route active-path. Actual forwarding table can contain less next hops.

Result: E2E path can show more paths when ECMP is disabled.

Check for additional information.

Discovery of Security Policies

  • Wildcard & Dynamic objects and negated services are not supported
  • Settings → Discovery & Snapshots → Discovery Settings → Vendors API in the IP Fabric GUI: In case that base URL points to a multi-domain server address, domains must be specified