Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Upgrade the Software of SRX Series Firewalls by Using a PXE Boot Server

Learn how to upgrade the software of SRX Series Firewalls (SRX1500, SRX4100, and SRX4600) using a PXE boot server. This topic covers the step-by-step process, including preparing the PXE server, copying the installation image, and rebooting the device to complete the upgrade.

Upgrade the Software of SRX1500 Device

The build image that you install on the device defines the device's software version. You can change the version of the device by upgrading it.

You can upgrade the software of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The TFTP server stores the operating system image. You can have a separate PXE boot server for each image.

To upgrade the software of a device by using the PXE boot server method:

  • Copy the image you want installed on the device to the PXE boot server.

  • Reboot the device to install the image. If you have already copied the image to the PXE boot server, reboot the device to install the image.

To copy the image you want installed to the PXE boot server and install the image:

  1. Remove the previously installed files, if any, from the /var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxentedge TAR file.

    For example:

  5. Copy the BOOTX64.EFI file to the tftp home folder ( /var/lib/tftpboot/).
  6. Create a secure boot folder at /var/lib/tftpboot/.
  7. Copy the grub files in the secure-boot folder.
  8. Move initrd.cpio.gz and application-pkg.tgz in ftp server folder (/var/ftp/).
  9. Create grub-startup.cfg in /var/lib/tftpboot/secure-boot folder.
  10. After you copy the image to the PXE boot server, reboot the device to install the image.

    The router boots from the PXE server and installs the image on both the SSDs.

If the device fails to reboot, you can use the USB disk installation option. However, after using USB disk installation, if the router fails to reboot or is not accessible, follow these steps on the console:

  1. Reboot or power on the device

  2. Press the ESC button to go to the Boot Manager Menu.

  3. Select Setup Utility, and then press Enter.

  4. Select the boot type as UEFI Boot Type, PXE boot capability as UEFI:IPv4, first boot device asPXE on ME and set network stack as Enabled.

  5. Click F10

  6. In operational mode, verify that the upgrade is successful. If you have upgraded the software of the device to an SRX1500, the new version of the device is srx1500.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software.

Upgrade the Software of SRX4100 Device

The build image that you install on the device defines the device's software version. You can change the version of the device by upgrading it.

You can upgrade the software of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The TFTP server stores the operating system image. You can have a separate PXE boot server for each image.

To upgrade the software version of a device using the PXE boot server method:

  • Copy the image you want installed on the device to the PXE boot server.

  • Reboot the device to install the image. If you have already copied the image to the PXE boot server, reboot the device to install the image.

To copy the image you want installed to the PXE boot server and install the image:

  1. Remove the previously installed files, if any, from the var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxmr TAR file.

    For example:

  5. Move initrd.cpio.gz and application-pkg.tgz in ftp server folder (/var/ftp/).
  6. Install syslinux on ftp server.
  7. Copy syslinux files to ftp server.
  8. Create PXE menu.
  9. Create a new default file at PXE menu.
  10. After you copy the image to the PXE boot server, reboot the device to install the image.

    The router boots from the PXE server and installs the image on both the SSDs.

If the device fails to reboot, you can use the USB disk installation option. However, after using USB disk installation, if the router fails to reboot or is not accessible, follow these steps on the console:

  1. Reboot or power on the device

  2. Press the ESC button to go to the Boot Manager Menu.

  3. Select the boot mode as LEGACY, boot option 1 as Network, and set network stack as Disabled.

  4. Select save and exit or click F4 to start PXE boot.

  5. Select the menu from the screen and click Enter to reboot the device.

  6. Choose boot option 1 as Hard Disk.

  7. Select save and exit or click F4.

  8. In operational mode, verify that the upgrade is successful. If you have upgraded the version of the device to an SRX4100, the new version of the device is srx4100.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software version.

Upgrade the Software of SRX4600 Device

The build image loaded on the device defines the software of the device. You can change the software of the device by upgrading it.

You can upgrade the software version of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The image of the operating system is stored on a TFTP server. You can have a separate PXE boot server for each image.

To upgrade the software of a device by using the PXE boot server method:

  • Copy the image you want installed on the device to the PXE boot server.

  • Reboot the device to install the image. If you have already copied the image to the PXE boot server, reboot the device to install the image.

To copy the image you want installed to the PXE boot server and install the image:

  1. Remove the previously installed files, if any, from the /var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxhe TAR file.

    For example:

  5. Copy the BOOTX64.EFI file to the tftp home folder ( /var/lib/tftpboot/).
  6. Create a secure boot folder at /var/lib/tftpboot/.
  7. Copy the grub files in the secure-boot folder.
  8. Move initrd.cpio.gz and application-pkg.tgz in ftp server folder (/var/ftp/)
  9. Create grub-startup.cfg in /var/lib/tftpboot/secure-boot folder.
  10. After you copy the image to the PXE boot server, to install the image on the device, reboot the device to install the image.

    The router boots from the PXE server and installs the image on both the SSDs.

If the device fails to reboot, you can use the USB disk installation option. However, after using USB disk installation, if the router fails to reboot or is not accessible, follow these steps on the console:

  1. Reboot or power on the device

  2. Press the ESC button to go to the Boot Manager Menu.

  3. Select Setup Utility, and then press Enter.

  4. Select the PXE boot capability as UEFI:IPv4, disable HDD and enable ETH00 under EPI.

  5. Click F10

  6. In operational mode, verify that the upgrade is successful. If you have upgraded the software version of the device to an SRX4600, the new version of the device is srx4600.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software version.