Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Update to Junos SRX device fails with error "mgd: Missing mandatory statement: 'policy' "

0

0

Article ID: KB17728 KB Last Updated: 30 Aug 2017Version: 2.0
Summary:

When updating an SRX device running Junos, the device fails with error "mgd: Missing mandatory statement: 'policy' ". This article explains the reason and offers two workarounds.

Symptoms:

The following error message is seen when the SRX is updated from NSM or Junos Space Security Director:

Error Code:

Error Text:
Update fails UpdateDevice Results
sanityCheckCmd Success.
lock Success.
GenerateEditConfig Success.
confirmedCommit Failed .
<?xml version="1.0" encoding="UTF-8"?>
<commit-results xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" xmlns:junos="http://xml.juniper.net/junos/10.1R2/junos" xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0">
<rpc-error>
<error-severity>error</error-severity>
<error-path>[edit security policies]</error-path>
<error-info>
<bad-element>from-zone LBI to-zone PCN</bad-element>
</error-info>
<error-message>mgd: Missing mandatory statement: 'policy'</error-message>
</rpc-error>
<rpc-error>
<error-severity>error</error-severity>
<error-path>[edit security policies]</error-path>
<error-info>
<bad-element>from-zone ABCto-zone XYZ</bad-element>
</error-info>
<error-message>mgd: Missing mandatory statement: 'policy'</error-message>
</rpc-error>
<rpc-error>
<error-severity>error</error- ...
Cause:

This is because all the rules relating to zone ABC to zone XYZ are disabled in NSM and are pushed to the SRX/Junos device. Junos does not allow all rules in a policy to be disabled. There should be at least one rule enabled between the two zones. If the rules are not required, they all can be deleted, but all rules can not be disabled.

Solution:
One solution is to activate at least one rule for the traffic between the ABC to XYZ zones.

Another solution is to delete all the rules for the traffic between the ABC to XYZ zones.


 

Modification History:
2017-8-30: Added Junos Space Security Director to Products.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search