[Security Director] Deleted VPNs appear in publish objects in Security Director

  [KB34766]


Summary:

Under some conditions, when a VPN object is deleted from Junos Space, the VPN object entry remains in Security Director.

Symptoms:
  • Preview configuration for VPNs shows deleted gateways (IKE/IPSec tunnels) to be pushed to the firewall.
  • Preview configuration for VPNs shows deleted routes (static/dynamic) to be pushed to the firewall.
  • Preview configuration for VPNs shows deleted routing instances to be pushed to the firewall.
Cause:

If the Security Director IPSec VPN policy delete or modification task/job fails or is interrupted for any reason, the intermediate published data tables may have incorrect data.


 
Solution:

Workaround: Run the attached script to clean up the most common incompletely removed VPN DB entries. Contact JTAC with any questions or for assistance using this script.

Before running this script, ensure all VPNs that exist in Security Director UI have been published. (It is recommended to run the publish operation for all VPNs and check the result prior to using this script.)

Note: This script is designed for use with Security Director 17.1 - 19.1. It may or may not work as expected on later versions.

  1. Make a backup of the Space database by following the steps in Backing Up the Junos Space Network Management Platform Database. (The process is the same for all Space versions.)
  2. Download the script file: CleanupStaleVPNs_sh.zip

  3. SCP the script file to the server and unzip. (Unzip the script on the server to ensure file integrity.)
     Example:
     unzip CleanupStaleVPNs_sh.zip

  4. Run the script:
     sh CleanupStaleVPNs.sh

 
Note: The script can be extracted on your computer. Each command inside the script can be run from the CLI if copying the script to a remote system is difficult. The script first contains select queries, which list all the stale entries, followed by the delete queries, which delete the stale entries.
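
Because the script deletes database rows, it is worth reading its queries before step 4. The following is an added example, not part of the original article or of the Juniper script: it lists the SELECT and DELETE lines of a script file and flags any other data-changing SQL verb for review. It assumes SQL keywords appear as plain text in the file; run_sql and EXAMPLE_VPN_TABLE in the sample are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: review a cleanup script's SQL verbs before running it.
# Assumption: SQL keywords appear as plain text inside the script file.

# Print lines (with line numbers) that contain the verb as a whole word.
lines_with() { grep -inw -- "$2" "$1" || true; }

# Count those lines.
count_with() { lines_with "$1" "$2" | wc -l | tr -d ' '; }

# Return 0 if only SELECT/DELETE verbs are present, 1 if any other
# data-changing verb needs a closer look, 2 if the file is unreadable.
review_script() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    echo "SELECT lines (list stale entries): $(count_with "$f" select)"
    echo "DELETE lines (read each one before running):"
    lines_with "$f" delete
    unexpected=0
    for verb in update insert drop truncate alter; do
        n=$(count_with "$f" "$verb")
        if [ "$n" -gt 0 ]; then
            echo "Unexpected '$verb' on $n line(s):"
            lines_with "$f" "$verb"
            unexpected=1
        fi
    done
    return "$unexpected"
}

# Constructed sample input; NOT the contents of CleanupStaleVPNs.sh.
# run_sql and EXAMPLE_VPN_TABLE are hypothetical placeholders.
make_sample() {
    cat > "$1" <<'EOF'
run_sql "SELECT id FROM EXAMPLE_VPN_TABLE WHERE owner_id IS NULL;"
run_sql "DELETE FROM EXAMPLE_VPN_TABLE WHERE owner_id IS NULL;"
EOF
}

sample=$(mktemp)
make_sample "$sample"
review_script "$sample"
rm -f "$sample"
```

On the server, call review_script with the path to the unzipped CleanupStaleVPNs.sh. A flagged line is a prompt to read that line, since a keyword can also appear in a comment.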


Related KBs:
KB33777 - Device found in Security Director but not in Junos Space Platform
KB34767 - Update firewall policy job failing in Security Director
KB34765 - Stale entries for shared objects in Security Director
