Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Upgrading Your Policy Enforcer Software


To upgrade to the latest release of Policy Enforcer, download and run the rpm file available from Juniper Network’s software download page. You must have a version of Policy Enforcer already installed to run the upgrade script. If you do not, download the latest software version from the Policy Enforcer software download page and follow the Policy Enforcer Installation Overview instructions.


You can upgrade only from the previous release. For example, you can upgrade from 16.1R1 to 16.1R2 or from 16.1R2 to 17.1. You cannot skip a release. For example, upgrading from 16.1R1 to 17.1R1 is not supported.

To upgrade your Policy Enforcer software to the latest release:

  1. Access the Policy Enforcer software download page

  2. Select the Software tab.
  3. From the Version drop-down menu, select the version you want to install.
  4. From under the Application Package heading, download the Policy Enforcer RPM to your Policy Enforcer virtual appliance.
  5. On your Policy Enforcer virtual appliance, change directory to where you downloaded the RPM bundle and install it using the following command:

    [root@hostname~]# rpm -Uvh filename.rpm

    For example:

    [root@hostname~]# rpm -Uvh Policy_Enforcer-19.4R1-975-PE-Upgrade.rpm

It may take a few minutes to install the RPM bundle. Once installed, the Policy Enforcer screens within Security Director and any schema changes are updated. The configuration settings you used when you deployed the Policy Enforcer VM are retained.

To verify your upgrade:

  • In Security Director, select Administration > PE settings. This page shows the current installed Policy Enforcer version number.

  • Check the log file for any errors.

    • (Upgrading from 16.1R1 to 16.2R1) Check the /var/log/pe_upgrade.log file for any errors. The following is an example output of the pe_upgrade.log file for a successful upgrade.

    • (Upgrading from 17.1R1 to 17.2R1) Check the following log files for errors:

      • /var/log/pe_upgrade_17_2.log

      • /var/log/pe_upgade_17_2_3rd_party_adapter.log

      • /var/log/pe_upgrade_nsx.log

NSX Migration Instructions from Policy Enforcer Release 17.1R1 to 17.2R1

After successfully upgrading to Policy Enforcer Release 17.2R1 and when all the Policy Enforcer services and NSX micro service are up and running, the administrator must run the nsxmicro_sdsn_migrate script manually. After the successful installation of the script, the Juniper Connected Security resources such as Connector instance, Secure Fabric, and Policy Enforcement Groups (PEG) are created for the NSX Managers that are already discovered in Security Director.

If the Juniper Connected Security resources are already present in the upgraded version of the software, a message is displayed showing that the NSX Manager with Juniper Connected Security resources are already present in the NSX database.