Juniper SRX – Update the Operating System / Firmware

KB ID 0000989 Dtd 26/08/14

Problem

With two brand new SRX240 firewalls on the bench my first task was to get them updated to the latest operating system.

Solution

Before you start get the updated Juniper software.

Option 1 Update the SRX firewall via Command Line

1. Connect to the firewall via either Console cable, telnet, or SSH.

2. Log on and then go to CLI mode, and then configuration mode.

login: root Password: *******

— JUNOS 12.1X44-D30.4 built 2014-01-11 03:56:31 UTC

root@FW-02% cli root@FW-02> configure Entering configuration mode

[edit] root@FW-02#

2. The more observant of you will have noticed that it has already shown you the OS version above, but in case there is any doubt.

root@FW-02# show version ## Last changed: 2014-08-26 21:15:09 GMT version 12.1X44-D30.4;

[edit] root@FW-02# exit

3. I’ve always got 3CDeamon on my laptop so I’ll copy the update file over via FTP to the /var/tmp folder. (Note: We’re not at CLI or configure mode!)

root@FW-02% ftp 10.5.0.2 Connected to 10.5.0.2. 220 3Com 3CDaemon FTP Server Version 2.0 Name (10.5.0.2:root): PeteLong 331 User name ok, need password Password:******** 230 User logged in Remote system type is UNIX. Using binary mode to transfer files. ftp> lcd /var/tmp Local directory now /cf/var/tmp ftp> bin 200 Type set to I. ftp> get junos-srxsme-12.1X47-D10.4-domestic.tgz local: junos-srxsme-12.1X47-D10.4-domestic.tgz remote: junos-srxsme-12.1X47-D10. 4-domestic.tgz 200 PORT command successful. 150 File status OK ; about to open data connection 100% |**************************************************| 158 MB 00:00 ETA 226 Closing data connection; File transfer successful. 166060642 bytes received in 64.50 seconds (2.46 MB/s) ftp> bye 221 Service closing control connection root@FW-02%

4. Now perform the upgrade.

root@FW-02% cli root@FW-02> request system software add no-copy /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz NOTICE: Validating configuration against junos-srxsme-12.1X47-D10.4-domestic.tgz . NOTICE: Use the ‘no-validate’ option to skip this if desired. Formatting alternate root (/dev/da0s2a)… /dev/da0s2a: 627.4MB (1284940 sectors) block size 16384, fragment size 2048 using 4 cylinder groups of 156.86MB, 10039 blks, 20096 inodes. super-block backups (for fsck -b #) at: 32, 321280, 642528, 963776 Extracting /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz … Checking compatibility with configuration Initializing… Verified manifest signed by PackageProduction_12_1_0 Verified junos-12.1X44-D30.4-domestic signed by PackageProduction_12_1_0 Using junos-12.1X47-D10.4-domestic from /altroot/cf/packages/install-tmp/junos-1 2.1X47-D10.4-domestic Copying package … Verified manifest signed by PackageProduction_12_1_0 Hardware Database regeneration succeeded Validating against /config/juniper.conf.gz Usage: license-check -f "<features>" -m -p -q -M -u -U -V Validation succeeded Installing package ‘/altroot/cf/packages/install-tmp/junos-12.1X47-D10.4-domesti c’ … Verified junos-boot-srxsme-12.1X47-D10.4.tgz signed by PackageProduction_12_1_0 Verified junos-srxsme-12.1X47-D10.4-domestic signed by PackageProduction_12_1_0 JUNOS 12.1X47-D10.4 will become active at next reboot WARNING: A reboot is required to load this software correctly WARNING: Use the ‘request system reboot’ command WARNING: when software installation is complete Saving state for rollback …

root@FW-02>

5. Then reboot the firewall.

root@FW-02> request system reboot Reboot the system ? [yes,no] (no) yes

Shutdown NOW! [pid 2749]

root@FW-02>

*** FINAL System shutdown message from root@FW-02 ***

System going down IMMEDIATELY

6. Post reboot, check the version again.

login: root Password: ********

— JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC

root@FW-02% cli root@FW-02> configure Entering configuration mode

[edit] root@FW-02# show version ## Last changed: 2014-08-26 21:51:09 GMT version 12.1X47-D10.4;

[edit] root@FW-02#

 

Option 2 Update the SRX firewall via J-Web

1. To check the current version > Connect to the web console > Dashboard > Software Version.

update srx via j web

2. Maintain > Software > Upload Package > Choose File > Browse to the file you downloaded earlier > Upload and Install Package.

Note: Here I have selected ‘Reboot Firewall’, in production you may NOT want to do that until later.

update srx via j web

3. It can take a little while, (and look like nothing is happening), time for a coffee.

update srx via j web

4. Post reboot, check the version again to make sure it has incremented.

update srx via j web

Related Articles, References, Credits, or External Links

NA

Author: Migrated

Share This Post On