ON THIS PAGE
Upgrade Directly on Your Security Devices in a Chassis Cluster (CLI)
Upgrade Considerations for Your cSRX Container Firewall Container Firewall
Upgrade Junos OS on SRX Series Firewalls Managed by Junos Space
Upgrade Junos OS on SRX Series Firewalls Managed by Juniper Security Director Cloud
Upgrade Junos OS on SRX Series Firewalls Managed by Juniper Sky™ Enterprise
How to Upgrade to Junos OS Release 21.2R3
SUMMARY In this topic, you’ll learn how to upgrade Junos OS software to Release 21.2R3 on your Juniper Networks® SRX Series Firewall device. You'll also learn about the upgrade options available for your Juniper Networks® vSRX Virtual Firewall Virtual Firewall.
Best Practices for Upgrading Junos OS
We suggest that you start with the following best practices to optimize your upgrade experience:
-
Read the Release Notes for Junos OS Release 21.2R3.
-
Connect your laptop/computer to the SRX Series firewall through the console port if you are upgrading software using CLI (recommended).
-
Connect your device to the Internet.
-
Back up the current configuration.
-
Ensure that there are no uncommitted changes.
-
Clear files and erase unwanted or unused configurations using the
request system storage cleanup
command. - Ensure that both nodes are online and have the same version of Junos OS if you have a chassis cluster setup.
-
Plan for an extended maintenance window, preferably during non-business hours, to minimize impact.
- Allocate sufficient time during the maintenance window for the upgrade, troubleshooting, and any post-configuration procedures.
- Identify business contacts who will help verify application and network functionality after the upgrade.
Perform Preinstallation Steps
Upgrade Directly on Your Standalone Security Device (CLI)
We'll use the following hardware and software combination in this example:
- Juniper Networks SRX300 Firewall
- Junos OS Release 20.4R3
- Available flash memory of 512 MB
To upgrade from Junos OS Release 20.4R3 to Junos OS Release 21.2R3:
- Check the Junos OS version after the system reboots using the
show version
command. - Ensure your device settings, network settings, and other configuration are
in place using the
show configuration
command.
Upgrade Directly on Your Security Devices in a Chassis Cluster (CLI)
We'll use the following hardware and software combination in this example:
- Juniper Networks SRX4200 Firewall devices in a chassis cluster setup
- Junos OS Release 20.4R3
- Available flash memory of 512 MB
Before you Begin
- Ensure that you have the same version of Junos OS on each node of the cluster.
- Ensure that both devices in the cluster are online at the same time.
- Remove chassis cluster fabric interface
enable
ordisable
configuration in case you have configured that option.
Example:
user@host# delete interfaces fab0 fabric-options member-interfaces interface-name enable/ disable
Upgrade Junos OS Using USB Flash Drive or J-Web
USB Flash Drive
You can use a USB flash drive to upgrade Junos OS images or recover an SRX Series Firewall after boot media corruption in cases where you don't have console access to an SRX Series Firewall. For more information, see the KB article at Install Software via CLI (Method 3 - from Junos software copied to USB stick).
J-Web
You can upgrade your SRX Series Firewall in a few steps using J-Web. For more information, see Install Software Packages.
Upgrade Considerations for vSRX Virtual Firewall VM
If you consider upgrading Junos OS on your vSRX Virtual Firewall VM, note the following:
-
We recommend that you deploy a new vSRX Virtual Firewall VM instead of performing a Junos OS upgrade. The new VM enables you to move from vSRX Virtual Firewall to the newer and more enhanced vSRX Virtual Firewall 3.0 version.
-
Moving to the vSRX Virtual Firewall 3.0 software architecture offers many benefits including introduction to new services, delivering customized services, and scaling security services based on dynamic needs. Junos OS Release 18.4R1 and later releases support vSRX Virtual Firewall 3.0.
-
See the KB article Overview of the Available Virtual SRX Models, vSRX and vSRX 3.0 for more details on vSRX Virtual Firewall 3.0 support and Migrate to vSRX3.0 for instructions on migrating to vSRX Virtual Firewall 3.0.
Upgrade Considerations for Your cSRX Container Firewall Container Firewall
Starting in Junos OS Release 20.2R1, the Juniper Networks® cSRX Container Firewall Container Firewall image is available for download from the Juniper Support site, similar to other Junos OS platform images. The cSRX Container Firewall container is packaged in a Docker image and runs in the Docker Engine on the Linux host.
To upgrade cSRX Container Firewall, you must download the cSRX Container Firewall software image from the Juniper Networks website on your Docker environment and launch the new cSRX Container Firewall instance. For more information, see the following linlks:
For docker installation instructions on the different supported Linux host operating systems, see:
-
Docker Engine installation—https://docs.docker.com/engine/installation/
- Script to install Docker Engine—https://get.docker.com/
-
Centos/Red Hat—https://docs.docker.com/install/linux/docker-ce/centos/
-
Debian—https://docs.docker.com/install/linux/docker-ce/debian/
-
Fedora—https://docs.docker.com/install/linux/docker-ce/fedora/
-
Ubuntu—https://docs.docker.com/install/linux/docker-ce/ubuntu/
For complete information about how to implement Juniper’s cSRX Container Firewall on a server with Ubuntu OS, see Day One: Building Containers with cSRX.
Upgrade Junos OS on SRX Series Firewalls Managed by Junos Space
SUMMARY Use the following simple steps to upgrade your security device managed by Junos Space. Watch the video Junos Space Image Management to understand the procedure.
We'll use the following hardware and software combination in this example:
- Juniper Networks SRX300 Firewall managed by Security Director
- Junos OS Release 15.1X49-D170
Upgrade Junos OS on SRX Series Firewalls Managed by Juniper Security Director Cloud
You can use Juniper Security Director Cloud to manage the software images running on SRX Series (both standalone and chassis clusters) and vSRX Virtual Firewall. Juniper Security Director Cloud helps you to manage (add, stage, deploy, and delete) the entire lifecycle of images of all managed network devices.
To perform the Junos OS upgrade on devices managed by security director cloud, go to SRX > Device Management > Software images.
When you need to upgrade or downgrade the image running on a device, you can add software images of devices, stage and deploy the required image on the device by using Juniper Security Director Cloud.
For more information, see About the Images Page of Juniper Security Director Cloud User Guide.
Upgrade Junos OS on SRX Series Firewalls Managed by Juniper Sky™ Enterprise
You can upgrade your Junos OS devices easily with images hosted by Juniper Sky Enterprise. Juniper Sky Enterprise streamlines the Junos OS image upgrade process by using only a browser.
To perform the Junos OS upgrade on devices managed by Juniper Sky Enterprise:
-
Select a target device from the Juniper Sky Enterprise dashboard and select the Junos OS image version you want to upgrade.
-
Click the Upgrade option.
-
Juniper Sky Enterprise checks for available disk space. If there is sufficient space, it enables the New Upgrade option to continue.
Juniper Sky Enterprise delivers the image directly from Juniper Networks, making the process fast and efficient. For more information, see Juniper Sky Enterprise User Guide.
After You Upgrade to Junos OS Release 21.2R3
Perform the following steps after you upgrade to Junos OS Release 19.4R3 or to Junos OS Release 21.2R3.
-
Copy the device configuration files back to the device. We recommend that you retain the configuration unless you are deploying a new vSRX Virtual Firewall VM.
-
Download and install the latest intrusion detection and prevention (IDP) signature package. See Updating the IDP Signature Database Manually.
-
Download and install the latest application signature package. See Downloading and Installing the Junos OS Application Signature Package Manually.
-
Change GPRS tunneling protocol (GTP) settings. GTP distribution without GTP inspection does not work after an upgrade from Junos OS Release 15.1X49 to Junos OS 18.X releases. You can use one of the following workarounds:
-
Disable the GTP distribution feature if possible.
-
Enable GTP inspection on all GTP traffic that passes through the device. You do this by configuring a GTP profile on all security policies that may carry GTP traffic. See Example: Enabling GTP Inspection in Policies.
-
-
Decide when you’d like to migrate to unified policies. See Start Using Unified Policies Post Upgrade.
Licensing Requirements
Starting in Junos OS Release 21.1R1, we've transitioned to the Flex Software Subscription Licensing Model for SRX Series Firewalls and vSRX Virtual Firewall. Junos OS Releases before Release 21.1 use licenses from a legacy Licensing Management System (LMS).
If you have legacy license keys and if you apply them when you upgrade to Junos OS Release 21.1, Release 21.2R3, or later releases, the license expires after a grace period of 30 days. You must purchase a new license using the Juniper Agile Licensing (JAL) portal. See Flex Software License for SRX Series Devices for details.
If you have any questions, contact your Juniper Networks sales representative at https://www.juniper.net/in/en/contact-us/ and they will assist you in choosing the best licensing model for your application.
What's Next
Now that you've installed the new Junos OS on your device, if you want to migrate to the unified policy configuration, see Start Using Unified Policies Post Upgrade. Otherwise, learn about new features and enhancements that you can start using with your Junos OS. See Explore New Features Post Upgrade to Junos OS Release 19.4R3.