Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

How to Upgrade to Junos OS Release 19.4R3 and 20.2R3

SUMMARY In this topic, you’ll learn how to upgrade Junos OS software from Release 15.1X49 to Release 19.4R3 on SRX Series and learn about the upgrade options available for your vSRX Virtual Firewall VM.

Best Practices for Upgrading Junos OS

We suggest you start with the following best practices to optimize your upgrade experience:

  • Read Release Notes for Junos OS Release 19.4R3 and 20.2R3.

  • Connect your device to the Internet.

  • Back up the current configuration.

  • Ensure that there are no uncommitted changes.

  • Clear files and erase unwanted or unused configurations using the request system storage cleanup command.

  • Ensure both nodes are online and have same version of Junos OS in case of a chassis cluster setup.

  • Plan for an extended maintenance window preferably during non-business hours to minimize impact.

  • Allocate sufficient time during the maintenance window for the upgrade, troubleshooting, and any post configuration procedures.
  • Identify business contacts who will help verify application and network functionality after the upgrade.

Follow Pre-Installation Steps

Ensure that you complete the following tasks before you perform the upgrade to Junos OS Release 19.4R3 or Junos OS Release 20.2R3.

  • Check the current Junos OS software version.

    user@host> show version

  • Check whether the system has sufficient storage for the upgrade.

    user@host> show system storage

    From the sample output, /dev/vtbd0s1a and /dev/vtbd1s1f indicate storage available on the compact flash and hard disk.

  • Save the active configuration and license keys. You can save the backup configuration file on your device or a USB drive connected to your device. You can also use TFTP or SCP server or on your system such as laptop to save the file.

    Following example shows saving of an active configuration file on the device.

    user@host> show configuration | save /var/tmp/filename

    The system saves the active configuration at the specified file location.

    You can save license keys using the user@host> request system license save filename command.

    You can create copies of the software running on your device using the system snapshot feature. Having a snapshot of software helps you to recover to a known, stable environment in case something goes wrong with the upgrade. See Backing Up an Installation Using Snapshots.

  • Ensure that there are no uncommitted changes.
  • Remove the NTP configuration that has more than one source address.

Upgrade Directly on Your Security Device (CLI)

We'll use the following hardware and software combination in this example:

  • SRX4200 device
  • Junos OS Release 15.1X49-D170
  • Available flash memory of 512 MB

Use this procedure to learn how to upgrade from Junos OS Release 15.1X49-D170 to Junos OS Release 19.4R3-S1:

  1. Navigate to the Juniper Networks Support page for the SRX4200 and select OS as Junos SR and version as 19.4 as shown in Figure 1.
    Figure 1: Download Junos OS Software Download Junos OS Software
  2. Click tgz (1197.08 MB) under Downloads.
  3. Enter your credentials to review and accept the End User License Agreement. You’ll be guided to the software image download page.
  4. You’ll see the following two options in the download page. Use one of the options to download the Junos OS image file:
    • To download the image directly on your device, use the following URL—Directly downloads the image on your security device.

      Example:

      Your security device downloads the image to the /var/tmp/image-name location. The image name is junos-srxmr-x86-64-19.4R3-S1.3.tgz in this example.

    • To download the image on your local host, CLICK HERE—Downloads the image on your local system such as laptop. You can copy the software image from your local system to the security device using SCP or SFTP options.

    In this procedure, we’ll download the image directly on the security device. As per the instructions on the screen, copy the URL provided in the box. The URL string is copied to the clipboard.
  5. Verify MD5 checksums on a Junos install package.
    This step confirms that the Junos installation package downloaded from the Juniper Networks website is not modified in any way.
    1. List the files to display the downloaded image.
      user@host> file list /var/tmp
    2. Display the MD5 checksum value of your image file.
      user@host> file checksum md5 /var/tmp/junos-srxmr-x86-64-19.4R3-S1.3.tgz
    3. Compare the MD5 hash output with the MD5 hash provided on the download page when you click the checksums option:
    4. Repeat the steps to calculate the SHA1, SHA256, and SHA512 values of the file.
  6. Validate the Junos OS image to ensure that the existing configuration is compatible with the new image before you start the actual upgrade.
    user@host> request system software validate /var/tmp/junos-srxmr-x86-64-19.4R3-S1.3.tgz
    The SRX1500 device, SRX4000-line devices, SRX5000-line devices with RE3, and vSRX Virtual Firewall instances do not support the request system software validate command to validate the software.
  7. Install the image.
    user@host> request system software add /var/tmp/junos-srxmr-x86-64-19.4R1-S3.2.tgz no-copy
  8. Reboot your system.
    Reboot the system ? [yes,no] (no)
    Yes
  9. Check the Junos OS version after system reboots using the show version command.

Upgrade Directly on Your Security Devices in a Chassis Cluster (CLI)

We'll use the following hardware and software combination in this example:

  • SRX4200 devices in a chassis cluster setup
  • Junos OS Release 15.1X49-D170
  • Available flash memory of 512 MB

Before you Begin

  • Ensure that you have the same version of Junos OS on each node of the cluster.
  • Ensure that both devices in the cluster are online at the same time.
  • Remove the chassis cluster fabric interface configuration if you have configured the enable or disable option.
  1. Download and validate the Junos OS 19.4R3-S1 image. See Steps 1 to 6 provided in Upgrade Directly on Your Security Device (CLI) for details.
  2. Install the Junos OS image on node 0.
    Do not reboot the device after installation completes.
  3. Install the Junos OS image on node 1.
    Do not reboot the device after installation completes.
  4. Reboot both the nodes by using the request system reboot command on both the nodes separately.
    After the reboot, both the nodes will have the same Junos OS image.
  5. Check the Junos OS version after system reboots using the show version command.

Upgrade Junos OS Using a USB Flash Drive or J-Web

USB Flash Drive

You can use a USB flash drive to upgrade Junos OS images or recover an SRX Series Firewall after boot media corruption in cases where there is no console access to an SRX Series Firewall. For more information, see the KB article at Install Software via CLI (Method 3 - from Junos software copied to USB stick).

J-Web

You can upgrade your SRX Series Firewall in a few steps using J-Web. For more information, see Install Software Packages.

Upgrade Your vSRX Virtual Firewall VM

If you consider to upgrade Junos OS on your vSRX Virtual Firewall VM, note the following:

  • We recommend that you deploy a new vSRX Virtual Firewall VM instead of performing a Junos OS upgrade. The new VM enables you to move from vSRX Virtual Firewall to the newer and more enhanced vSRX Virtual Firewall 3.0 version.
  • Moving to the vSRX Virtual Firewall 3.0 software architecture enables you to quickly introduce new services, deliver customized services to users, and scale security services based on dynamic needs. Junos OS Release 18.4R1 and later releases support vSRX Virtual Firewall 3.0.

    You can download the vSRX3.0 image from Juniper Networks Support page.

  • Ensure to save the configuration, certificate, and license files before you perform the upgrade.

See the KB article Overview of the Available Virtual SRX Models, vSRX and vSRX 3.0 for more details on vSRX Virtual Firewall 3.0 support.

Refer to the vSRX Documentation for instructions on installing a new VM.

Upgrade Your cSRX Container Firewall Software Image

Starting in Junos OS Release 20.2R1, the Juniper Networks® cSRX Container Firewall Container Firewall image is available for download from the Juniper Support site, similar to other Junos OS platform images. The cSRX Container Firewall container is packaged in a Docker image and runs in the Docker Engine on the Linux host.

To install cSRX Container Firewall in a bare-metal Linux server:

  1. Review Requirements to verify the system software specifications for the Linux server required to deploy the cSRX Container Firewall container.
  2. Install and configure Docker on your Linux host platform to implement the Linux container environment.

    Docker installation requirements vary based on the platform and the host OS (Ubuntu, Red Hat Enterprise Linux (RHEL), or CentOS).
  3. For docker installation instructions on the different supported Linux host operating systems, see:
  4. Download the cSRX Container Firewall software image from the Juniper Networks website and install it on your host. See Loading the cSRX Image for details.

For complete information about how to implement Juniper’s cSRX Container Firewall on a server with Ubuntu OS, see Day One: Building Containers with cSRX.

Upgrade Junos OS on SRX Series Firewalls Managed by Junos Space

SUMMARY We'll use the following simple steps to upgrade your security device managed by Junos Space. Watch the video Junos Space Image Management to understand the procedure.

We'll use the following hardware and software combination in this example:

  • SRX4100 device managed by Security Director
  • Junos OS Release 15.1X49-D170
  1. On the Network Management Platform GUI, select Devices > Device Management. The Device Management page is displayed.
  2. Check the OS version running on the device.
  3. Navigate to the Juniper Networks Support page and download Junos OS version 19.4R3-S1 and save the file to your computer. See Upgrade Directly on Your Security Device (CLI) for instructions.
  4. Go to Images and Scripts and select Images. Click the Import Image icon to upload the image file into Junos Space Platform.
  5. Validate the image by selecting the Actions > Verify Image on Device option.
  6. Select the uploaded Junos OS image and choose the Deploy Image option from Actions. Alternatively, you can choose to stage the deploy at a later time by selecting the Stage Image on Device option.
  7. In the Deploy Image on Devices page, select the device that you want to upgrade and specify the Remove package after Successful Installation and Delete any existing image before download options.
  8. Click Deploy to start installation.
  9. Reboot the device after successful installation.
Complete the following checks after you install the new Junos OS version.
  • Check the Junos OS version after the system reboots using the show version command.
  • Ensure your device settings, network settings, and other configuration are in place using the show configuration command.

Upgrade Junos OS on SRX Series Firewalls Managed by Juniper Sky™ Enterprise

You can upgrade your Junos OS devices easily with images hosted by Juniper Sky Enterprise. Juniper Sky Enterprise streamlines the Junos OS image upgrade process using only a browser.

To perform Junos upgrade on a device:

  1. Select a target device from the Juniper Sky Enterprise dashboard and select the Junos OS image version you want to upgrade.
  2. Click Upgrade option.

  3. Sky Enterprise checks for available disk space. If there is sufficient space, it enables the New Upgrade option to continue.

Sky Enterprise delivers the image directly from Juniper Networks, making the process fast and efficient. For more information, see Juniper Sky Enterprise User Guide.

After You Upgrade to Junos OS Release 19.4R3 or 20.2R3

Perform the following steps after you upgrade to Junos OS Release 19.4R3 or to Junos OS Release 20.2R3.

Licensing Requirements

Starting in January 2020, we've transitioned to the Flex Software Subscription Licensing Model for SRX Series and vSRX Virtual Firewall. If you are not currently using the legacy licenses model, see the Flex Software License for SRX Series Devices.

If you have any questions, contact your Juniper Networks sales representative at https://www.juniper.net/in/en/contact-us/ and they will assist you in choosing the best licensing model for your application.

If you have legacy license models, you can continue to use them when you upgrade to Junos OS release 19.4R3 or 20.2R3.

What's Next

Now you have installed the new Junos OS on your device. If you want to migrate to the unified policy configuration, see Start Using Unified Policies Post Upgrade. Otherwise, learn about new features and enhancements that you can start using with your Junos OS. See Explore New Features Post Upgrade to Junos OS Release 19.4R3.