Juniper SRX – Update the Operating System / Firmware

KB ID 0000989 


With two brand new SRX240 firewalls on the bench my first task was to get them updated to the latest operating system.


Before you start get the updated Juniper software.

Option 1 Update the SRX firewall via Command Line

1. Connect to the firewall via either Console cable, telnet, or SSH.

2. Log on and then go to CLI mode, and then configuration mode.

login: root Password: *******

— JUNOS 12.1X44-D30.4 built 2014-01-11 03:56:31 UTC

[email protected]% cli [email protected]> configure Entering configuration mode

[edit] [email protected]#

2. The more observant of you will have noticed that it has already shown you the OS version above, but in case there is any doubt.

[email protected]# show version ## Last changed: 2014-08-26 21:15:09 GMT version 12.1X44-D30.4;

[edit] [email protected]# exit

3. I’ve always got 3CDeamon on my laptop so I’ll copy the update file over via FTP to the /var/tmp folder. (Note: We’re not at CLI or configure mode!)

[email protected]% ftp Connected to 220 3Com 3CDaemon FTP Server Version 2.0 Name ( PeteLong 331 User name ok, need password Password:******** 230 User logged in Remote system type is UNIX. Using binary mode to transfer files. ftp> lcd /var/tmp Local directory now /cf/var/tmp ftp> bin 200 Type set to I. ftp> get junos-srxsme-12.1X47-D10.4-domestic.tgz local: junos-srxsme-12.1X47-D10.4-domestic.tgz remote: junos-srxsme-12.1X47-D10. 4-domestic.tgz 200 PORT command successful. 150 File status OK ; about to open data connection 100% |**************************************************| 158 MB 00:00 ETA 226 Closing data connection; File transfer successful. 166060642 bytes received in 64.50 seconds (2.46 MB/s) ftp> bye 221 Service closing control connection [email protected]%

4. Now perform the upgrade.

[email protected]% cli [email protected]> request system software add no-copy /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz NOTICE: Validating configuration against junos-srxsme-12.1X47-D10.4-domestic.tgz . NOTICE: Use the ‘no-validate’ option to skip this if desired. Formatting alternate root (/dev/da0s2a)… /dev/da0s2a: 627.4MB (1284940 sectors) block size 16384, fragment size 2048 using 4 cylinder groups of 156.86MB, 10039 blks, 20096 inodes. super-block backups (for fsck -b #) at: 32, 321280, 642528, 963776 Extracting /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz … Checking compatibility with configuration Initializing… Verified manifest signed by PackageProduction_12_1_0 Verified junos-12.1X44-D30.4-domestic signed by PackageProduction_12_1_0 Using junos-12.1X47-D10.4-domestic from /altroot/cf/packages/install-tmp/junos-1 2.1X47-D10.4-domestic Copying package … Verified manifest signed by PackageProduction_12_1_0 Hardware Database regeneration succeeded Validating against /config/juniper.conf.gz Usage: license-check -f “<features>” -m -p -q -M -u -U -V Validation succeeded Installing package ‘/altroot/cf/packages/install-tmp/junos-12.1X47-D10.4-domesti c’ … Verified junos-boot-srxsme-12.1X47-D10.4.tgz signed by PackageProduction_12_1_0 Verified junos-srxsme-12.1X47-D10.4-domestic signed by PackageProduction_12_1_0 JUNOS 12.1X47-D10.4 will become active at next reboot WARNING: A reboot is required to load this software correctly WARNING: Use the ‘request system reboot’ command WARNING: when software installation is complete Saving state for rollback …

[email protected]>

5. Then reboot the firewall.

[email protected]> request system reboot Reboot the system ? [yes,no] (no) yes

Shutdown NOW! [pid 2749]

[email protected]>

*** FINAL System shutdown message from [email protected] ***

System going down IMMEDIATELY

6. Post reboot, check the version again.

login: root Password: ********

— JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC

[email protected]% cli [email protected]> configure Entering configuration mode

[edit] [email protected]# show version ## Last changed: 2014-08-26 21:51:09 GMT version 12.1X47-D10.4;

[edit] [email protected]#


Option 2 Update the SRX firewall via J-Web

1. To check the current version > Connect to the web console > Dashboard > Software Version.

update srx via j web

2. Maintain > Software > Upload Package > Choose File > Browse to the file you downloaded earlier > Upload and Install Package.

Note: Here I have selected ‘Reboot Firewall’, in production you may NOT want to do that until later.

update srx via j web

3. It can take a little while, (and look like nothing is happening), time for a coffee.

update srx via j web

4. Post reboot, check the version again to make sure it has incremented.

update srx via j web

Related Articles, References, Credits, or External Links


Author: Migrated

Share This Post On