How to Upgrade to Junos OS Release 21.2R3

1. Check the current Junos OS software version.
   user@host> show version
2. Check whether the system has sufficient storage for the upgrade.
   user@host> show system storageFrom the sample output, /dev/vtbd0s1a and /dev/vtbd1s1f indicate that storage is available on the CompactFlash card and the hard disk.
3. Save the active configuration and license keys. You can create a file containing configuration or license key and save it using one of the following methods.
   • Save it on external server (FTP, HTTP, or SCP) or your laptop (recommended). The following example shows saving active configuration on an external device using SCP.
   • Save it on the local device. The following example shows saving active configuration on the device.

   The system saves the active configuration at the specified file location.
   Similarly save license keys using the user@host> request system license save filename command and copy it to external device or store it locally.
4. Optionally, create copies of the software running on your device using the system snapshot feature. Having a snapshot of software helps you recover to a known, stable environment in case something goes wrong with the upgrade. See Backing Up an Installation Using Snapshots.
5. Ensure that there are no uncommitted changes.
6. Remove the NTP configuration that has more than one source address.
7. Check if your configuration includes the following Junos default applications and remove them.

   • GPRS tunneling protocol (GTP) applications: Junos-gprs-gtp-c-tcp, junos-gprs-gtp-c-tcp, junos-gprs-gtp-u-tcp

   • SSL-based dynamic-applications: junos:HTTPS, junos:IMAPS, junos:POP3S, junos:SMTPS

1. Navigate to the Juniper Networks Support page for the SRX300 and select Junos as the OS and 21.2 as the version, as shown in Figure 1.
   Figure 1: Download Junos OS Software
2. Click tgz (395.91 MB) under Downloads.
3. Enter your credentials to review and accept the End User License Agreement. You’ll be guided to the software image download page.
4. You’ll see the following two options on the page. Use one of the options to download the Junos OS image file:
   • To download the image directly on your security device, use the following URL:. You can download the software image directly on your security device. According to the instructions on the screen, copy the URL provided in the box. The URL string is copied to the clipboard. Use file copy command on your security device to download the image.

     Example: To download the image directly on your security device, run the following command on your security device. .

     Your security device downloads the image to the /var/tmp/image-name location. The image name in this example is junos-srxsme-21.2R3.8.tgz.

   • To download the image on your local host (local system such as laptop): You can copy the software image from your local system to the security device using SCP or SFTP options.

     Example : To use SCP to copy software image to your security device, run the following commands on your security device.

   In this procedure, we’ll download the image directly on to the security device.
5. Verify MD5 checksums on a Junos installation package.
   This step confirms that the Junos installation package downloaded from the Juniper Networks website is not modified in any way.
   1. List the files to display the downloaded image.
      user@host> file list /var/tmp
   2. Display the MD5 checksum value of your image file.
      user@host> file checksum md5 /var/tmp/junos-srxsme-21.2R3.8.tgz
   3. Go back to software download page and click the Checksums option for SRX300. Compare the MD5 checksum value displayed on the screen with MD5 hash output value you obtained from the CLI command output.
      Figure 2: MD5 Checksum Value
   4. Repeat the steps to calculate the SHA1, SHA256, and SHA512 values of the file.
6. Validate the Junos OS image to ensure that the existing configuration is compatible with the new image before you start the actual upgrade.
   user@host> request system software validate /var/tmp/junos-srxsme-21.2R3.8.tgz
   Note: When you upgrade your SRX Series Firewall to Junos OS Release 21.2 or later from Junos OS versions prior to Release 21.2, the SRX1500 device, SRX4000 line of devices, SRX5000 line of devices with RE3, and vSRX Virtual Firewall instances do not support the request system software validate command for software validation.
7. Install the image.
   user@host> request system software add /var/tmp/junos-srxsme-21.2R3.8.tgz no-copy
   About Software Validation Options
   Note the following when you upgrade Junos OS from the release 21.2 or earlier to the release 21.2 or later:

   • SRX1500 device, SRX4000 line of devices, SRX5000 line of devices with RE3, and vSRX Virtual Firewall instances do not support software validation due to FreeBSD upgrade.

   • Use the no-validate option in the request system software upgrade or the request system software in-service-upgrade commands.

   • Use the no-compatibility-check option with the request system software in-service-upgrade command instead of no-validate option.

   Check the Knowledge Base article Need to use "no-validate" option for more details.

   Note:

   If you are upgrading an SRX5000-line firewall with RE3, you must use the "request vmhost software add" command.

8. Reboot your system.
   Reboot the system ? [yes,no] (no)
   Yes
9. Complete the following checks after you install the new Junos OS version.

1. Download and validate the Junos OS Release 21.2R3 image. See Step 1 through Step 6 provided in Upgrade Directly on Your Standalone Security Device (CLI) for details.
2. Install the Junos OS image on node 0.
   Do not reboot the device after installation completes.
3. Install the Junos OS image on node 1.
   Do not reboot the device after installation completes.
4. Reboot both the nodes by using the request system reboot command on both the nodes separately.
   After the reboot, both the nodes will have the same Junos OS image.
5. Check the Junos OS version after system reboots by using the show version command.

SUMMARY Use the following simple steps to upgrade your security device managed by Junos Space. Watch the video Junos Space Image Management to understand the procedure.

1. On the Network Management Platform GUI, select Devices > Device Management. The Device Management page appears.
   
2. Check the operating system (OS) version running on the device.
3. Navigate to the Juniper Networks Support page and download Junos OS Release 21.2R3 and save the file to your computer. See Upgrade Directly on Your Security Device (CLI) for instructions.
4. Go to Images and Scripts and select Images. Click the Import Image icon to upload the image file to Junos Space Platform.
   

   After the uploading of the image completes, the Images page displays the uploaded image under File Name.

5. Validate the image by selecting the Actions > Verify Image on Device option.
   
6. Check the validation results by navigating to the Images and Scripts > Images > MD5 Validation Result page.
   
7. Select the uploaded Junos OS image and choose the Deploy Image option from Actions menu. Alternatively, you can choose to stage the deployment at a later time by selecting the Stage Image on Device option.
   
8. On the Deploy Image on Devices page, select the device that you want to upgrade and specify the Remove the package after successful installation and Delete any existing image before download options.
   
9. Click Deploy to start installation. After the upgrade completes, you can check the software version on your device by navigating to the Devices > Device Management page. Here, the OS version now displays Junos OS Release 21.2R3.
   
10. Reboot the device after a successful installation.