Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Security Director] Deleted VPNs appear in publish objects in Security Director



Article ID: KB34766 KB Last Updated: 16 Oct 2020Version: 2.0

Under some conditions, when a VPN object is deleted from Junos Space, the VPN object entry remains in Security Director. This article provides a script to run as a workaround for the issue.


  • Preview configuration for VPNs shows deleted gateways (IKE/IPSec tunnels) to be pushed to the firewall.

  • Preview configuration for VPNs shows deleted routes (static/dynamic) to be pushed to the firewall.

  • Preview configuration for VPNs shows deleted routing instances to be pushed to the firewall.



If the Security Directory IPSec VPN policy delete or modification task/job fails or is interrupted for any reason, the intermediate published data tables may have incorrect data.



Workaround: Run the attached script to clean up the most common incompletely removed VPN DB entries. Contact Support with any questions or assistance when using this script.

Before running this script, ensure all VPNs that exist in the Security Director UI have been published. (It is recommended to run the publish operation for all VPNs and check the result prior to using this script.)

Note: This script is designed for use with Security Director 17.1 - 19.1. It may or may not work as expected on later versions.

  1. Make a backup of the Space database by following the steps in Backing Up the Junos Space Network Management Platform Database. (The process is the same for all Space versions.)

  2. Download the script file:

  3. SCP the script file to the server and unzip. (Unzip the script on the server to ensure file integrity.)



  1. Run the script:


Note: The script can be extracted on your computer. Each command inside the script can run on from the CLI if copying to a remote system is difficult. The script first contains select queries which list out all the stale entries followed by the delete queries which will be deleting the stale entries.


Modification History:

2020-10-16: Script file updated


Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search