Upgrade the Software of SRX Series Firewalls by Using a PXE Boot Server

Learn how to upgrade the software of SRX Series Firewalls (SRX1500, SRX4100, and SRX4600) using a PXE boot server. This topic covers the step-by-step process, including preparing the PXE server, copying the installation image, and rebooting the device to complete the upgrade.

Upgrade SRX1500 Firewall Software

The build image that you install on the device defines the device software version. You can change the version of the device by upgrading it.

You can upgrade the software of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The TFTP server stores the operating system image. You can have a separate PXE boot server for each image.

To copy the required image to the PXE boot server and install the image on your firewall:

  1. Remove the previously installed files, if any, from the /var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxentedge TAR file.

    For example:

  5. Copy the BOOTX64.EFI file to the TFTP home folder (/var/lib/tftpboot/).
  6. Create a secure boot folder at /var/lib/tftpboot/.
  7. Copy the grub files into the secure-boot folder.
  8. Move initrd.cpio.gz and application-pkg.tgz to the FTP server folder (/var/ftp/).
  9. Create grub-startup.cfg in the /var/lib/tftpboot/secure-boot folder.
  10. After you copy the image to the PXE boot server, reboot the device to install the image.

    The firewall boots from the PXE server and installs the image on both solid-state drives (SSDs).
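A pre-reboot check of the staging layout built in steps 1 through 9 (the SRX4600 procedure on this page uses the same layout), added here as an example and not taken from Juniper's documentation. The function names are hypothetical, the image file name is supplied by the operator, and the expected SHA-256 is assumed to be the value published alongside the download.

```shell
#!/bin/sh
# Added example: audit a staged PXE tree before rebooting the firewall.
# Paths mirror the steps above; function names are hypothetical.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# verify_image FILE EXPECTED_SHA256: succeed only if the digest matches.
verify_image() {
    [ -f "$1" ] || { echo "FAIL missing image: $1"; return 1; }
    [ "$(sha256_of "$1")" = "$2" ] || { echo "FAIL checksum mismatch: $1"; return 1; }
}

# audit_pxe_staging TFTP_ROOT FTP_ROOT: succeed only if every staged file is
# present, non-empty, and not writable by group or other.
audit_pxe_staging() {
    tftp=$1; ftp=$2; rc=0
    [ -d "$tftp/secure-boot" ] || { echo "FAIL no secure-boot folder"; rc=1; }
    for f in "$tftp/BOOTX64.EFI" \
             "$tftp/secure-boot/grub-startup.cfg" \
             "$ftp/initrd.cpio.gz" \
             "$ftp/application-pkg.tgz"; do
        if [ ! -s "$f" ]; then
            echo "FAIL missing or empty: $f"; rc=1; continue
        fi
        # TFTP has no authentication, so file permissions on the server
        # decide who can replace a boot file before the device fetches it.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL group/world-writable: $f"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit-pxe.sh IMAGE EXPECTED_SHA256 /var/lib/tftpboot /var/ftp
# EXPECTED_SHA256 is the value published alongside the download (assumption).
if [ "$#" -eq 4 ]; then
    verify_image "$1" "$2" && audit_pxe_staging "$3" "$4" && echo "staging OK"
fi
```

Run it after step 9 and reboot the device only when it prints "staging OK".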

If the device fails to reboot, you can install the software by using the USB flash disk. However, if the firewall fails to reboot or is inaccessible after you use this method, perform these steps using the console connection:

  1. Reboot or power on the device.

  2. Press the ESC button to go to the Boot Manager menu.

  3. Select Setup Utility and then press Enter.

  4. Select the boot options:

    • Boot type—UEFI Boot Type,

    • PXE boot capability—UEFI:IPv4,

    • First boot device—PXE on ME,

    • Enable the network stack option.

  5. Press F10.

  6. Verify that the upgrade is successful by entering the show version command from the operational mode. If you have upgraded the software of the device to an SRX1500, the new version of the device is srx1500.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software.

Upgrade SRX4200 Firewall Software

The build image that you install on the device defines the device's software version. You can change the software version of the device by upgrading it.

You can upgrade the device software by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The Trivial File Transfer Protocol (TFTP) server stores the operating system image. You can have a separate PXE boot server for each image.

To copy the required image to the PXE boot server and install the image on your firewall:

  1. Remove the previously installed files, if any, from the /var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxmr TAR file.

    For example:

  5. Move initrd.cpio.gz and application-pkg.tgz to the TFTP server folder (/var/ftp/).
  6. Install syslinux on the TFTP server.
  7. Copy syslinux files to the TFTP server.
  8. Create the PXE menu.
  9. Create a new default file in the PXE menu.
  10. Copy the image to the PXE boot server and reboot the device to install the image.

    The firewall boots from the PXE boot server and installs the image on both the SSDs.

If the device fails to reboot, you can install the software by using the USB disk. However, if the firewall fails to reboot or is inaccessible after you use this method, perform these steps using the console connection:

  1. Reboot or power on the device.

  2. Press the ESC button to go to the Boot Manager menu.

  3. Select the boot options:

    • Boot mode—LEGACY,

    • Boot option 1—NETWORK,

    • Disable the network stack option.

  4. Click save and exit or press F4 to start PXE boot.

  5. Select the menu from the screen and press Enter to reboot the device.

  6. Select Hard Disk as boot option 1.

  7. Click save and exit or press F4 to start PXE boot.

  8. From operational mode, verify that the upgrade is successful. If you have upgraded the version of the device to an SRX4100, the new version of the device is srx4100.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software version.

Upgrade the Software of SRX4600 Device

The build image loaded on the device defines the software of the device. You can change the software of the device by upgrading it.

You can upgrade the software version of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The image of the operating system is stored on a Trivial File Transfer Protocol (TFTP) server. You can have a separate PXE boot server for each image.

To copy the image to the PXE boot server and install the image:

  1. Remove the previously installed files, if any, from the /var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxhe TAR file.

    For example:

  5. Copy the BOOTX64.EFI file to the TFTP home folder (/var/lib/tftpboot/).
  6. Create a secure boot folder at /var/lib/tftpboot/.
  7. Copy the grub files into the secure-boot folder.
  8. Move initrd.cpio.gz and application-pkg.tgz to the FTP server folder (/var/ftp/).
  9. Create grub-startup.cfg in the /var/lib/tftpboot/secure-boot folder.
  10. After you copy the image to the PXE boot server, reboot the device to install the image.

    The firewall boots from the PXE server and installs the image on both the SSDs.

If the device fails to reboot, you can install the software by using the USB disk. However, if the firewall fails to reboot or is inaccessible after you use this method, perform these steps using the console connection:

  1. Reboot or power on the device.

  2. Press the ESC button to go to the Boot Manager menu.

  3. Select Setup Utility and then press Enter.

  4. Select the PXE boot capability as UEFI:IPv4, disable HDD, and enable ETH00 under EPI.

  5. Press F10.

  6. From operational mode, verify that the upgrade is successful. If you have upgraded the software version of the device to an SRX4600, the new version of the device is srx4600.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software version.