Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Installing Software on SRX Series Devices

SRX Series Firewalls are delivered with preinstalled Junos operating system (Junos OS). Before you start this procedure, decide which software package you need and download it.

Understanding Junos OS Upgrades for SRX Series Firewalls

SRX Series Firewalls are delivered with Junos OS pre-installed on them. When you power on a device, it starts (boots) up using its primary boot device. These devices also support secondary boot devices, allowing you to back up your primary boot device and configuration.

As new features and software fixes become available, you must upgrade Junos OS to use them. Before an upgrade, we recommend that you back up your primary boot device.

We’ve introduced many key security features post Junos OS Release 15.1X49. To upgrade your SRX Series Firewalls from Junos OS Release 15.1X49 to 19.4R3 (SRX Series) and to 20.2R3 (SRX380, SRX1500, and vSRX Virtual Firewall instances), see Upgrade to Junos OS Release 19.4R3 and 20.2R3 for SRX Series.

Understanding Junos OS Upgrades

On a services gateway, you can configure the primary or secondary boot device with a snapshot of the current configuration, default factory configuration, or rescue configuration. You can also replicate the configuration for use on another device.

If the SRX Series Firewall does not have a secondary boot device configured and the primary boot device becomes corrupted, you can reload the Junos OS package onto the corrupted internal media from a USB flash drive or TFTP server.

Junos OS Upgrade Methods on the SRX Series Firewalls

SRX Series Firewalls that ship from the factory with Junos OS Release 10.0 or later are formatted with the dual-root partitioning scheme.

Note:

Junos OS Release 12.1X45 and later do not support single root partitioning.

Note:

SRX100, SRX110, SRX210, SRX220, and SRX240 devices with 2 GB RAM cannot be upgraded to any Junos OS 12.1X46 Release after 12.1X46-D65. Attempting to upgrade to this release on devices with 2 GB RAM will trigger the following error: ERROR: Unsupported platform for 12.1X46 releases after 12.1X46-D65

.

Existing SRX Series Firewalls that are running Junos OS Release 9.6 or earlier use the single-root partitioning scheme. While upgrading these devices to Junos OS Release 10.0 or later, you can choose to format the storage media with dual-root partitioning (strongly recommended) or retain the existing single-root partitioning.

Certain Junos OS upgrade methods format the internal media before installation, whereas other methods do not. To install Junos OS Release 10.0 or later with the dual-root partitioning scheme, you must use an upgrade method that formats the internal media before installation.

Note:

If you are upgrading to Junos OS Release 10.0 without transitioning to dual-root partitioning, use the conventional CLI and J-Web user interface installation methods.

These upgrade methods format the internal media before installation:

  • Installation from the boot loader using a TFTP server

  • Installation from the boot loader using a USB storage device

  • Installation from the CLI using the partition option (available in Junos OS Release 10.0)

  • Installation using the J-Web user interface

These upgrade methods retain the existing partitioning scheme:

  • Installation using the CLI

  • Installation using the J-Web user interface

CAUTION:

Upgrade methods that format the internal media before installation wipe out the existing contents of the media. Only the current configuration is preserved. Any important data must be backed up before starting the process.

Note:

Once the media has been formatted with the dual-root partitioning scheme, you can use conventional CLI or J-Web user interface installation methods, which retain the existing partitioning and contents of the media, for subsequent upgrades.

Example: Installing Junos OS Upgrade Packages on SRX Series Devices

This example shows how to install Junos OS upgrades on SRX Series Firewalls.

Requirements

Before you begin:

  • Verify the available space on the internal media.

  • Download the software package. See Downloads to download the software package for your products.

  • Copy the software package to the device if you are installing the software package from a local directory on the device. We recommend that you copy it to the /var/tmp directory. To copy the software package to the /var/tmp directory, use the following command from the operational mode:

    Example:

Overview

By default, the request system software add package-name command uses the validate option to validate the software package against the current configuration as a prerequisite to adding the software package. This validation ensures that the device can reboot successfully after the software package is installed. This is the default behavior when you are adding a software package.

In this example, add the software package (for example: junos-srxsme-10.0R2-domestic.tgz [for SRX Series Firewalls] with the following options:

  • no-copy option to install the software package but do not save the copies of package files. You must include this option if you do not have enough space on the internal media to perform an upgrade that keeps a copy of the package on the device.

  • reboot option to reboots the device after installation is completed.

Configuration

Procedure

GUI Quick Configuration
Step-by-Step Procedure

To install Junos OS upgrades on SRX Series Firewalls:

  1. In the J-Web user interface, select Maintain>Software>Upload Package.

  2. On the Upload Package page, specify the software package to upload. Click Browse to navigate to the software package location and select junos-srxsme-10.0R2-domestic.tgz.

  3. Select the Reboot If Required check box to set the device to reboot automatically when the upgrade is complete.

  4. Select the Do not save backup check box to bypass saving the backup copy of the current Junos OS package (SRX Series).

  5. Click Upload Package. The software is activated after the device has rebooted.

  6. Click OK to check your configuration and save it as a candidate configuration.

  7. If you are done configuring the device, click Commit Options>Commit.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

From operational mode, install the new package on the device with the no-copy option, and format and re-partition the media before installation, and reboot the device after installation is completed.

To install Junos OS upgrades on SRX Series Firewalls:

  1. From operational mode, install the new package on the device. In this example, the package name is junos-srxsme-10.0R2-domestic.tgz:

    Note:

    We recommend that you configure the no-validate option only when expressly specified by the Juniper Networks Technical Assistance Center (JTAC).

  2. Reboot the device.

    When the reboot is complete, the device displays the login prompt.

Results

From configuration mode, confirm your configuration by entering the show system command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Junos OS Upgrade Installation

Purpose

Verify that the Junos OS upgrade was installed.

Action

From operational mode, enter the show version command.

Sample Output
command-name
Meaning

The show version command displays the hostname, model number, and the release information loaded on the device.

Example: Installing Junos OS on SRX Series Firewalls Using the Partition Option

This example shows how to install Junos OS Release 10.0 or later with the partition option.

Requirements

Before you begin, back up any important data.

Overview

This example formats the internal media and installs the new Junos OS image on the media with dual-root partitioning. Reinstall the Release 10.0 or later image from the CLI using the request system software add command with the partition option. This copies the image to the device, and then reboots the device for installation. The device boots up with the Release 10.0 or later image installed with the dual-root partitioning scheme. When the partition option is used, the format and install process is scheduled to run on the next reboot. Therefore, we recommend that this option be used together with the reboot option.

Note:

The process might take 15 to 20 minutes. The system is not accessible over the network during this time.

CAUTION:

Using the partition option with the request system software add command erases the existing contents of the media. Only the current configuration is preserved. You must back up any important data before starting the process.

Note:

Partition install is supported on the default media on SRX300, SRX320, SRX340, and SRX345 devices (internal NAND flash) and not supported on the alternate media (USB storage key). Partition install is supported on the default media on SRX380 Series devices (internal SSD) and not on alternate media (USB storage key).

Note:

Partition install is supported on the default media on SRX100, SRX210, and SRX240 devices (internal NAND flash) and on SRX650 devices (internal CF card). Partition install is not supported on the alternate media on SRX100, SRX210, and SRX240 devices (USB storage key) or on SRX650 devices (external CF card or USB storage key).

In this example, add the software package junos-srxsme-10.0R2-domestic.tgz with the following options:

  • no-copy option to install the software package but do not save the copies of package files. You must include this option if you do not have enough space on the internal media to perform an upgrade that keeps a copy of the package on the device.

  • no-validate option to bypass the compatibility check with the current configuration before installation starts.

  • partition option to format and re-partition the media before installation.

  • reboot option to reboots the device after installation is completed.

Topology

Configuration

Procedure

CLI Quick Configuration

To install Junos OS Release 10.0 or later with the partition option, enter the following command from operational mode:

GUI Quick Configuration
Step-by-Step Procedure

To install Junos OS Release 10.0 or later with the partition option:

  1. In the J-Web user interface, select Maintain>Software>Install Package.

  2. On the Install Package page, specify the FTP or HTTP server, file path, and software package name. Type the full address of the software package location on the FTP or HTTP. Example: ftp://hostname/pathname/junos-srxsme-xx.0R2-domestic.tgz or http://hostname/pathname/junos-srxsme-xx.0R2-domestic.tgz.

    Note:

    Specify the username and password, if the server requires one.

  3. Select the Reboot If Required check box to set the device to reboot automatically when the upgrade is complete.

  4. Select the Do not save backup check box to bypass saving the backup copy of the current Junos OS package.

  5. Select the Format and re-partition the media before installation check box to format the internal media with dual-root partitioning.

  6. Click Fetch and Install Package. The software is activated after the device reboots.

    This formats the internal media and installs the new Junos OS image on the media with dual-root partitioning.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To install Junos OS Release 10.0 or later with the partition option:

  1. Upgrade the device to Junos OS Release 10.0 or later using the CLI.

  2. After the device reboots, upgrade the boot loader to the latest version. See Preparing the USB Flash Drive to Upgrade Junos OS on SRX Series Devices.

  3. Reinstall the Release 10.0 or later image.

Results

From configuration mode, confirm your configuration by entering the show system storage partitions command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

Sample output on a system with single root partitioning:

Sample output on a system with dual-root partitioning:

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Partitioning Scheme Details

Purpose

Verify that the partitioning scheme details on the SRX Series Firewall were configured.

Action

From operational mode, enter the show system storage partitions command.

See Also

Reverting the Junos OS Software Image Back to the Previous Version

This example shows how to downgrade Junos OS on the SRX Series Firewalls.

Requirements

No special configuration beyond device initialization is required before configuring this feature.

Overview

When you upgrade your software, the device creates a backup image of the software that was previously installed in addition to installing the requested software upgrade.

To downgrade the software, you can revert to the previous image using the backup image. You can use this method to downgrade to only the software release that was installed on the device before the current release. To downgrade to an earlier version, follow the procedure for upgrading, using the software image labeled with the appropriate release. This example returns software to the previous Junos OS version.

Note:

This procedure applies only to downgrading from one Junos OS software release to another or from one Junos OS services release to another.

Configuration

Procedure

CLI Quick Configuration

To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

From operational mode, enter:

GUI Quick Configuration
Step-by-Step Procedure

To downgrade Junos OS on SRX Series Firewalls:

  1. In the J-Web user interface, select Maintain>Software>Downgrade. The image of the previous version (if any) appears on this page.

    Note:

    After you perform this operation, you cannot undo it.

  2. Select Downgrade to downgrade to the previous version of the software or Cancel to cancel the downgrade process.

  3. Click Maintain>Reboot from the J-Web user interface to reboot the device.

    Note:

    To downgrade to an earlier version, follow the procedure for upgrading, using the software image labeled with the appropriate release.

  4. Click OK to check your configuration and save it as a candidate configuration.

  5. If you are done configuring the device, click Commit Options>Commit.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To downgrade Junos OS on SRX Series Firewalls:

  1. From operational mode, return to the previous Junos OS version.

  2. Reboot the device.

    The device is now running the previous version of Junos OS. To downgrade to an earlier version, follow the procedure for upgrading, using the software image labeled with the appropriate release.

Results

From configuration mode, confirm your configuration by entering the show system command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Junos OS Downgrade Installation

Purpose

Verify that the Junos OS downgrade was installed.

Action

From operational mode, enter the show system command.

Preparing the USB Flash Drive to Upgrade Junos OS on SRX Series Devices

This feature simplifies the upgrading of Junos OS images in cases where there is no console access to an SRX Series Firewall located at a remote site. This functionality allows you to upgrade the Junos OS image with minimum configuration effort by simply copying the image onto a USB flash drive, inserting it into the USB port of the SRX Series Firewall, and performing a few simple steps. You can also use this feature to reformat a boot device and recover an SRX Series Firewall after boot media corruption.

All USB flash drives used on SRX Series Firewalls must have the following features:

  • USB 2.0 or later.

  • Formatted with a FAT/FAT 32 or MS-DOS file system

Note:

For the list of recommended USB drives, see Knowledge Base article KB31622.

Note:

The Junos OS package on a USB device is commonly stored in the root drive as the only file; for example, junos-srxsme-15.1X49-D30.3-domestic.tgz.

CAUTION:

Any USB memory product not listed as supported for SRX Series Firewalls has not been tested by Juniper Networks. The use of any unsupported USB memory product could expose your SRX Series Firewall to unpredictable behavior. Juniper Networks Technical Assistance Center (JTAC) can provide only limited support for issues related to unsupported hardware. We strongly recommend that you use only supported USB flash drives.

Note:

This feature is not supported on chassis clusters.

Before you begin:

  • Copy the Junos OS upgrade image and its autoinstall.conf file to the USB device.

  • Ensure that adequate space is available on the SRX Series Firewall to install the software image.

To prepare the USB flash drive and copy the Junos OS image onto the USB flash drive:

  1. Insert the USB flash drive into the USB port of a PC or laptop computer running Windows.
  2. From My Computer, right-click the drive Devices with Removable Storage.
  3. Format the drive with the FAT/FAT32 file system.
  4. Copy the Junos OS image onto the USB device.

    For the installation process to succeed, copy only one image onto the USB device. Only images named junos-srxsme* are recognized by the system.

  5. Check the drive name detected in My Computer for the USB device. Open the command prompt window and type:

    For example, if the drive detected is drive F, type echo “ “ > F:\autoinstall.conf at the command prompt. This empty file indicates to the system that the automatic installation of the Junos OS image from the USB device is supported.

  6. (Optional) Create a text file named junos-config.conf and copy the file to the USB device. For example, the following file supports an automatic configuration update during the installation process:
    Note:

    The junos-config.conf file is optional, and it is not necessary for the automatic installation of the Junos OS image from the USB device. You can use the junos-config.conf file for a backup configuration for recovery or if the existing configuration is accidentally deleted.

Installing Junos OS on SRX Series Firewalls Using a USB Flash Drive

To install the Junos OS image on an SRX Series Firewall using a USB flash drive:

  1. Insert the USB flash drive into the USB port of the SRX Series Firewall and observe the LEDs. The LEDs will initially blink amber and then steadily turn amber, indicating that the SRX Series device has detected the Junos OS image.

    If the LEDs do not change to amber, try pressing the Power button or turning the device off and then on again. Wait for the LEDs to blink amber.

  2. Press the Reset Config button on the SRX Series Firewall to initiate the installation process. The LEDs will glow steadily amber during this process.
    Note:

    It is important to press the Reset Config button after observing the initial amber LED indication. Waiting for the LEDs to turn steady before pressing the button is not necessary and may cause unnecessary delays.

    When the LEDs glow green, the Junos OS upgrade image has been successfully installed.

    If the USB device is plugged in, the Reset Config button always performs as an image upgrade button. Any other functionality of this button is overridden until you remove the USB flash drive.

  3. Remove the USB flash drive from the device.

    The SRX Series Firewall restarts automatically and loads the new Junos OS version.

Note:

On SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550M devices, frequent plug and play of USB keys is not supported. You must wait for the device node creation before removing the USB key.

Note:

If an installation error occurs, the LEDs turn red, which might indicate that the Junos OS image on the USB flash drive is corrupted. An installation error can also occur if the current configuration on the SRX Series Firewall is not compatible with the new Junos OS version on the USB or if there is not enough space on the SRX Series Firewall to install the image. You must have console access to the SRX Series Firewall to troubleshoot an installation error.

Note:

You can use the set system autoinstallation usb disable command to prevent the automatic installation from the USB device. After using this command, if you insert the USB device into the USB port of the SRX Series Firewall, the installation process does not work.

Note:

Installing the Junos OS image using a USB flash drive is supported on SRX100, SRX110, SRX210, SRX220, and SRX240 devices.

Upgrading the Boot Loader on SRX Series Devices

To upgrade the boot loader to the latest version:

  1. Upgrade to Junos OS Release 10.0 or later (with or without dual-root support enabled).

    The Junos OS 10.0 image contains the latest boot loader binaries in this path: /boot/uboot, /boot/loader.

  2. Enter the shell prompt using the start shell command.
  3. Run the following command from the shell prompt:

    bootupgrade –u /boot/uboot –l /boot/loader

    Note:

    You can use the following commands to upgrade U-Boot or perform cyclic redundancy check (CRC):

    • bootupgrade -s -u – To upgrade the secondary boot loader.

    • bootupgrade -c u-boot – To check CRC of the boot loader.

    • bootupgrade -s -c u-boot – To check CRC for the secondary boot loader.

    • bootupgrade -c loader – To check CRC for the loader on boot loader.

  4. Enter the show system firmware command to check whether the upgrade is successful or not.
  5. For the new version to take effect, you should reboot the system after upgrading the boot loader.

You can check the boot loader version number at console output when your device boots up as shown in the following example:

To verify the (bios) firmware version on the SRX Series Firewall, enter the show chassis routing-engine bios command.

Installing Junos OS on SRX Series Firewalls from the Boot Loader Using a TFTP Server

You can install Junos OS using the Trivial File Transfer Protocol (TFTP) method. The device is shipped with Junos OS loaded on the primary boot device. During Junos OS installation from the loader, the device retrieves the Junos OS package from a TFTP server. The internal media is then formatted, and the Junos OS image is installed.

From the loader installation, you can:

  • Install Junos OS on the device for the first time.

  • Recover the system from a file system corruption.

    Note:

    Installation from a TFTP server can only be performed using the first onboard Ethernet interface.

    Installation from the loader-over-TFTP method does not work reliably over slow speeds or large latency networks.

Before you begin, verify that:

  • You have access to the TFTP server with the Junos OS package to be installed.

  • That the TFTP server supports BOOTP or DHCP. If the TFTP server does not support BOOTP or DHCP, you must set the environment variables before performing the installation from the TFTP server.

  • Functional network connectivity exists between the device and the TFTP server over the first onboard Ethernet interface.

To install the Junos OS image on the internal media of the device:

  1. To access the U-boot prompt, use the console connection to connect to the device.
  2. Reboot the device.

    The following messages appear:

    After this message appears, you see the following prompt:

  3. Press the space bar to stop the autoboot process.

    The => U-boot prompt appears.

  4. From the U-boot prompt, configure the environment variables listed in Table 1.
    Table 1: Environment Variables Settings

    Environment Variables

    Description

    gatewayip

    IP address of the gateway device

    ipaddr

    IP address of the SRX Series Firewall

    netmask

    network mask

    serverip

    IP address of the TFTP server

    This example shows you how to configure the environment variables:

  5. Reboot the system using the reset command.
  6. To access the loader prompt, use the console connection to connect to the device.
  7. Reboot the device.

    The following message appears:

    Loading /boot/defaults/loader.conf

    After this message appears, you see the following prompt:

    Hit [Enter] to boot immediately, or space bar for command prompt.

  8. Press the space bar to access the loader prompt (loader>).

    The loader> prompt appears. Enter:

    Note:

    The URL path is relative to the TFTP server’s TFTP root directory, where the URL is tftp://tftp-server-ipaddress/package.

When this command is executed:

  • The Junos OS package is downloaded from the TFTP server.

  • The internal media on the system is formatted.

  • The Junos OS package is installed on the internal media.

Note:

The Installation from the loader-over-TFTP method installs Junos OS on the internal CF on SRX100, SRX210, SRX220, and SRX240 devices, whereas on SRX650 devices, this method can install Junos OS on the internal or external CF card.

After Junos OS is installed, the device boots from the internal media. Once the system boots up with Junos OS Release 10.0 or later, you must upgrade the U-boot and boot loader immediately.

CAUTION:

When you install Junos OS using the loader-over-TFTP method, the media is formatted. The process attempts to save the current configuration. We recommend that you back up all important information on the device before using this process.

Installing Junos OS on SRX Series Firewalls from the Boot Loader Using a USB Storage Device

To install Junos OS Release 10.0 or later from the boot loader using a USB storage device:

  1. Format a USB storage device in MS-DOS format.
  2. Copy the Junos OS image onto the USB storage device.
  3. Plug the USB storage device into the SRX Series Firewall.
  4. Stop the device at the loader prompt and issue the following command:

    An example of a command is as follows:

    This formats the internal media and installs the new Junos OS image on the media with dual-root partitioning.

  5. Remove the USB flash drive.
Note:

On SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550M devices, frequent plug and play of USB keys is not supported. You must wait for the device node creation before removing the USB key.
Note:

If an installation error occurs, the LEDs turn red, which might indicate that the Junos OS image on the USB flash drive is corrupted. An installation error can also occur if the current configuration on the SRX Series Firewall is not compatible with the new Junos OS version on the USB or if there is not enough space on the SRX Series Firewall to install the image. You must have console access to the SRX Series Firewall to troubleshoot an installation error.

If the USB device is not recognized, you may see a message similar to Target device selected for installation: internal media cannot open package (error 2). If you see such a message, power cycle the SRX Series Firewall with the USB inserted and try the boot loader install again.

Upgrading the Software of SRX Series Firewalls by Using a PXE Boot Server

Upgrading the Software of SRX1500 Device

The build image loaded on the device defines the software version of the device. You can change the version of the device by upgrading it.

You can upgrade the software of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The image of the operating system is stored on a TFTP server. You can have a separate PXE boot server for each image.

To upgrade the software of a device by using the PXE boot server method:

  • Copy the image you want installed on the device to the PXE boot server.

  • Reboot the device to install the image. If you have already copied the image to the PXE boot server, reboot the device to install the image.

To copy the image you want installed to the PXE boot server and install the image:

  1. Remove the previously installed files, if any, from the /var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxentedge TAR file.

    For example:

  5. Copy the BOOTX64.EFI file to the tftp home folder ( /var/lib/tftpboot/).
  6. Create a secure boot folder at /var/lib/tftpboot/.
  7. Copy the grub files in the secure-boot folder.
  8. Move initrd.cpio.gz and application-pkg.tgz in ftp server folder (/var/ftp/).
  9. Create grub-startup.cfg in /var/lib/tftpboot/secure-boot folder.
  10. After you copy the image to the PXE boot server, to install the image on the device, reboot the device to install the image.

    The router boots from the PXE server and installs the image on both the SSDs.

If the device fails to reboot, you can use the USB disk installation option. However, after using USB disk installation, if the router fails to reboot or is not accessible, follow these steps on the console:

  1. Reboot or power on the device

  2. Press the ESC button to go to the Boot Manager Menu.

  3. Select Setup Utility, and then press Enter.

  4. Select the boot type as UEFI Boot Type, PXE boot capability as UEFI:IPv4, first boot device asPXE on ME and set network stack as Enabled.

  5. Click F10

  6. In operational mode, verify that the upgrade is successful. If you have upgraded the software of the device to an SRX1500, the new version of the device is srx1500.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software.

Upgrading the Software of SRX4100 Device

The build image loaded on the device defines the software version of the device. You can change the version of the device by upgrading it.

You can upgrade the software version of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The image of the operating system is stored on a TFTP server. You can have a separate PXE boot server for each image.

To upgrade the software version of a device using the PXE boot server method:

  • Copy the image you want installed on the device to the PXE boot server.

  • Reboot the device to install the image. If you have already copied the image to the PXE boot server, reboot the device to install the image.

To copy the image you want installed to the PXE boot server and install the image:

  1. Remove the previously installed files, if any, from the var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxmr TAR file.

    For example:

  5. Move initrd.cpio.gz and application-pkg.tgz in ftp server folder (/var/ftp/).
  6. Install syslinux on ftp server.
  7. Copy syslinux files to ftp server.
  8. Create PXE menu.
  9. Create a new default file at PXE menu.
  10. After you copy the image to the PXE boot server, to install the image on the device, reboot the device to install the image.

    The router boots from the PXE server and installs the image on both the SSDs.

If the device fails to reboot, you can use the USB disk installation option. However, after using USB disk installation, if the router fails to reboot or is not accessible, follow these steps on the console:

  1. Reboot or power on the device

  2. Press the ESC button to go to the Boot Manager Menu.

  3. Select the boot mode as LEGACY, boot option 1 as Network, and set network stack as Disabled.

  4. Select save and exit or click F4 to start PXE boot.

  5. Select the menu from the screen and click Enter to reboot the device.

  6. Choose boot option 1 as Hard Disk.

  7. Select save and exit or click F4.

  8. In operational mode, verify that the upgrade is successful. If you have upgraded the version of the device to an SRX4100, the new version of the device is srx4100.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software version.

Upgrading the Software of SRX4600 Device

The build image loaded on the device defines the software of the device. You can change the software of the device by upgrading it.

You can upgrade the software version of a device by using the Preboot Execution Environment (PXE) boot server. A PXE boot prepares a client/server environment to boot devices by using a network interface that is independent of available data storage devices or installed operating systems. The image of the operating system is stored on a TFTP server. You can have a separate PXE boot server for each image.

To upgrade the software of a device by using the PXE boot server method:

  • Copy the image you want installed on the device to the PXE boot server.

  • Reboot the device to install the image. If you have already copied the image to the PXE boot server, reboot the device to install the image.

To copy the image you want installed to the PXE boot server and install the image:

  1. Remove the previously installed files, if any, from the /var/lib/tftpboot/ directory.
  2. Copy the downloaded installation media to the /var/lib/tftpboot/ directory in the PXE boot server.

    For example:

  3. Log in to the PXE boot server and verify the installation file.

    For example:

  4. Extract the junos-install-media-pxe-srxhe TAR file.

    For example:

  5. Copy the BOOTX64.EFI file to the tftp home folder ( /var/lib/tftpboot/).
  6. Create a secure boot folder at /var/lib/tftpboot/.
  7. Copy the grub files in the secure-boot folder.
  8. Move initrd.cpio.gz and application-pkg.tgz in ftp server folder (/var/ftp/)
  9. Create grub-startup.cfg in /var/lib/tftpboot/secure-boot folder.
  10. After you copy the image to the PXE boot server, to install the image on the device, reboot the device to install the image.

    The router boots from the PXE server and installs the image on both the SSDs.

If the device fails to reboot, you can use the USB disk installation option. However, after using USB disk installation, if the router fails to reboot or is not accessible, follow these steps on the console:

  1. Reboot or power on the device

  2. Press the ESC button to go to the Boot Manager Menu.

  3. Select Setup Utility, and then press Enter.

  4. Select the PXE boot capability as UEFI:IPv4, disable HDD and enable ETH00 under EPI.

  5. Click F10

  6. In operational mode, verify that the upgrade is successful. If you have upgraded the software version of the device to an SRX4600, the new version of the device is srx4600.

Juniper Networks does not support using the request system software rollback command to revert to the previously installed software version.

Restarting and Halting SRX Series Devices

This topic includes the following sections:

Rebooting SRX Series Devices

This example shows how to reboot a SRX Series Firewall.

Requirements

Before rebooting the device, save and commit any Junos OS updates.

Overview

This example shows how to reboot a device fifty minutes from when you set the time from the internal media while sending a text message of ’stop’ to all system users before the device reboots.

Configuration

Procedure
CLI Quick Configuration

To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

From operational mode, enter:

GUI Quick Configuration
Step-by-Step Procedure

To reboot a device:

  1. In the J-Web user interface, select Maintain>Reboot.

  2. Select Reboot in 50 minutes to reboot the device fifty minutes from the current time.

  3. Select the internal (for SRX Series Firewalls) boot device from the Reboot From Media list.

  4. In the Message box, type stop as the message to display to any user on the device before the reboot occurs.

  5. Click Schedule. The J-Web user interface requests confirmation to perform the reboot.

  6. Click OK to confirm the operation.

    • If the reboot is scheduled to occur immediately, the device reboots. You cannot access J-Web until the device has restarted and the boot sequence is complete. After the reboot is complete, refresh the browser window to display the J-Web login page.

    • If the reboot is scheduled to occur in the future, the Reboot page displays the time until reboot. You have the option to cancel the request by clicking Cancel Reboot on the J-Web user interface Reboot page.

  7. Click OK to check your configuration and save it as a candidate configuration.

  8. If you are done configuring the device, click Commit Options>Commit.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To reboot a device:

  1. From operational mode, schedule a reboot of the device to occur fifty minutes from when you set the time from the internal media while sending a text message of ’stop’ to all system users before the device reboots.

    Enter:

Results

From configuration mode, confirm your configuration by entering the show system command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Device Reboot
Purpose

Verify that the device rebooted.

Action

From operational mode, enter the show system command.

Halting SRX Series Devices

This example shows how to halt a device.

Requirements

Before halting the device, save and commit any Junos OS updates.

Overview

When the device is halted, all software processes stop and you can access the device through the console port only. Reboot the device by pressing any key on the keyboard.

Note:

If you cannot connect to the device through the console port, shut down the device by pressing and holding the power button on the front panel until the POWER LED turns off. After the device has shut down, you can power on the device by pressing the power button again. The POWER LED turns on during startup and remains steadily green when the device is operating normally.

This example shows how to halt the system and stop software processes on the device immediately.

Configuration

Procedure
CLI Quick Configuration

To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

From operational mode, enter:

Note:

The request system halt command used for halting the system and stopping software processes on the device is not supported on SRX1500, SRX4100, and SRx4200 devices.

GUI Quick Configuration
Step-by-Step Procedure

To halt a device immediately:

  1. In the J-Web user interface, select Maintain>Reboot.

  2. Select Halt Immediately. After the software stops, you can access the device through the console port only.

  3. Click Schedule. The J-Web user interface requests confirmation to halt.

  4. Click OK to confirm the operation. If the device halts, all software processes stop and you can access the device through the console port only. Reboot the device by pressing any key on the keyboard.

  5. Click OK to check your configuration and save it as a candidate configuration.

  6. If you are done configuring the device, click Commit Options>Commit.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To halt a device:

  1. From operational mode, halt the SRX Series Firewall immediately.

Results

From configuration mode, confirm your configuration by entering the show system command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying the Device Halt
Purpose

Verify that the device halted.

Action

From operational mode, enter the show system command.

Bringing Chassis Components Online and Offline on SRX Series Devices

You can use the request commands to bring chassis components (except Power Entry Modules and fans) online and offline.

To bring chassis components online and offline, enter these request chassis commands:

Where <fru> in the request chassis command can be any of the following (for SRX300, SRX320, SRX340, SRX345, SRX380, and SRX550M devices):

  • fpc—Changes the Flexible PIC Concentrator (FPC) status.

Where <fru> in the request chassis command can be any of the following (for SRX5800, SRX5600, and SRX5400 devices):

  • cb—Changes the control board status.

  • fabric—Changes the fabric status.

  • fpc—Changes the Flexible PIC Concentrator (FPC) status.

  • fpm—Changes the craft interface status.

  • pic—Changes the physical interface card status.

  • routing-engine—Changes the routing engine status.

Note:

The request chassis command is not supported for bringing SPCs online and offline.

Example:

To bring specific pic and the corresponding fpc slot online, from operational mode enter the following request chassis command:

Restarting the Chassis on SRX Series Devices

You can restart the chassis using the restart chassis-control command with the following options:

  • To restart the process gracefully:

    user@host> restart chassis-control gracefully

  • To restart the process immediately:

    user@host> restart chassis-control immediately

  • To restart the process softly:

    user@host> restart chassis-control soft

Related Documentation

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
12.1X46
SRX100, SRX110, SRX210, SRX220, and SRX240 devices with 2 GB RAM cannot be upgraded to any Junos OS 12.1X46 Release after 12.1X46-D65. Attempting to upgrade to this release on devices with 2 GB RAM will trigger the following error: ERROR: Unsupported platform for 12.1X46 releases after 12.1X46-D65
12.1X45-D10
Junos OS Release 12.1X45 and later do not support single root partitioning