Juniper SRX Update the Operating System / Firmware

SRX Update KB ID 0000989 

Problem

With two brand new SRX firewalls on the bench my first task was to get them updated to the latest operating system.

Solution : SRX Update

Before you start get the updated Juniper software.

Option 1 Update SRX firewall via Command Line

1. Connect to the firewall via either Console cable, telnet, or SSH.

2. Log on and then go to CLI mode, and then configuration mode.

 login: root
Password: *******

— JUNOS 12.1X44-D30.4 built 2014-01-11 03:56:31 UTC

root@FW-02% cli root@FW-02> configure Entering configuration mode

[edit] root@FW-02#

2. The more observant of you will have noticed that it has already shown you the OS version above, but in case there is any doubt.

root@FW-02# show version
## Last changed: 2014-08-26 21:15:09 GMT
version 12.1X44-D30.4;

[edit] root@FW-02# exit

3. I’ve always got 3CDeamon on my laptop so I’ll copy the update file over via FTP to the /var/tmp folder. (Note: We’re not at CLI or configure mode!)

root@FW-02% ftp 10.5.0.2
Connected to 10.5.0.2.
220 3Com 3CDaemon FTP Server Version 2.0
Name (10.5.0.2:root): PeteLong
331 User name ok, need password
Password:********
230 User logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /var/tmp
Local directory now /cf/var/tmp
ftp> bin
200 Type set to I.
ftp> get junos-srxsme-12.1X47-D10.4-domestic.tgz
local: junos-srxsme-12.1X47-D10.4-domestic.tgz remote: junos-srxsme-12.1X47-D10.
4-domestic.tgz
200 PORT command successful.
150 File status OK ; about to open data connection
100% |**************************************************| 158 MB 00:00 ETA
226 Closing data connection; File transfer successful.
166060642 bytes
received in 64.50 seconds (2.46 MB/s)
ftp> bye
221 Service closing control connection
root@FW-02%

4. Now perform the upgrade.

root@FW-02% cli
root@FW-02> request system software add no-copy /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz
NOTICE: Validating configuration against junos-srxsme-12.1X47-D10.4-domestic.tgz
.
NOTICE: Use the 'no-validate' option to skip this if desired.
Formatting alternate root (/dev/da0s2a)...
/dev/da0s2a: 627.4MB (1284940 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 156.86MB, 10039 blks, 20096 inodes.
super-block backups (for fsck -b #) at:
32, 321280, 642528, 963776
Extracting /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz ...
Checking compatibility with configuration
Initializing...
Verified manifest signed by PackageProduction_12_1_0
Verified junos-12.1X44-D30.4-domestic signed by PackageProduction_12_1_0
Using junos-12.1X47-D10.4-domestic from /altroot/cf/packages/install-tmp/junos-1
2.1X47-D10.4-domestic
Copying package ...
Verified manifest signed by PackageProduction_12_1_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
Usage: license-check -f "<features>" -m -p -q -M -u -U -V
Validation succeeded
Installing package '/altroot/cf/packages/install-tmp/junos-12.1X47-D10.4-domesti
c' ...
Verified junos-boot-srxsme-12.1X47-D10.4.tgz signed by PackageProduction_12_1_0
Verified junos-srxsme-12.1X47-D10.4-domestic signed by PackageProduction_12_1_0
JUNOS 12.1X47-D10.4 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING: Use the 'request system reboot' command
WARNING: when software installation is complete
Saving state for rollback ...

root@FW-02>

5. Then reboot the firewall.

 

root@FW-02> request system reboot Reboot the system ? [yes,no] (no) yes

Shutdown NOW! [pid 2749]

root@FW-02>

*** FINAL System shutdown message from root@FW-02 ***

System going down IMMEDIATELY

6. Post reboot, check the version again.

 

login: root Password: ********

— JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC

root@FW-02% cli root@FW-02> configure Entering configuration mode

[edit] root@FW-02# show version ## Last changed: 2014-08-26 21:51:09 GMT version 12.1X47-D10.4;

[edit] root@FW-02#

 

Option 2:  SRX Update firewall via J-Web

1. To check the current version > Connect to the web console > Dashboard > Software Version.

update srx via j web

2. Maintain > Software > Upload Package > Choose File > Browse to the file you downloaded earlier > Upload and Install Package.

Note: Here I have selected ‘Reboot Firewall’, in production you may NOT want to do that until later.

update srx via j web

3. It can take a little while, (and look like nothing is happening), time for a coffee.

update srx via j web

4. Post reboot, check the version again to make sure it has incremented.

update srx via j web

Related Articles, References, Credits, or External Links

Installing Software on SRX Series Devices

Author: Migrated

Share This Post On