How to Upgrade to Junos OS Release 19.4R3 and 20.2R3
SUMMARY In this topic, you’ll learn how to upgrade Junos OS software from Release 15.1X49 to Release 19.4R3 on SRX Series and learn about the upgrade options available for your vSRX VM.
Best Practices for Upgrading Junos OS
We suggest you start with the following best practices to optimize your upgrade experience:
-
Connect your device to the Internet.
-
Back up the current configuration.
-
Ensure that there are no uncommitted changes.
-
Clear files and erase unwanted or unused configurations using the
request system storage cleanupcommand. - Ensure both nodes are online and have same version of Junos OS in case of a chassis cluster setup.
-
Plan for an extended maintenance window preferably during non-business hours to minimize impact.
- Allocate sufficient time during the maintenance window for the upgrade, troubleshooting, and any post configuration procedures.
- Identify business contacts who will help verify application and network functionality after the upgrade.
Follow Pre-Installation Steps
Ensure that you complete the following tasks before you perform the upgrade to Junos OS Release 19.4R3 or Junos OS Release 20.2R3.
- Check the current Junos OS software version.
user@host> show versionHostname: srx4200-02 Model: srx4200 Junos: 15.1X49-D170.4 JUNOS Software Release [15.1X49-D170.4]
- Check whether the system has sufficient storage for the upgrade.
user@host> show system storageFilesystem Size Used Avail Capacity Mounted on /dev/vtbd0s1a 501M 366M 95M 79% / devfs 1.0K 1.0K 0B 100% /dev /dev/md0 1.0G 1.0G 0B 100% /junos /cf 501M 366M 95M 79% /junos/cf devfs 1.0K 1.0K 0B 100% /junos/dev/ procfs 4.0K 4.0K 0B 100% /proc /dev/vtbd1s1e 1.6G 82K 1.4G 0% /config /dev/vtbd1s1f 14G 141M 13G 1% /var /dev/vtbd3s2 91M 948K 90M 1% /var/host /dev/md1 320M 1.4M 293M 0% /mfs /var/jail 14G 141M 13G 1% /jail/var /var/jails/rest-api 14G 141M 13G 1% /web-api/var /var/log 14G 141M 13G 1% /jail/var/log ..... ......
From the sample output, /dev/vtbd0s1a and /dev/vtbd1s1f indicate storage available on the compact flash and hard disk.
- Save the active configuration and license keys. You can save the backup
configuration file on your device or a USB drive connected to your device. You
can also use TFTP or SCP server or on your system such as laptop to save the
file.
Following example shows saving of an active configuration file on the device.
user@host> show configuration | save /var/tmp/filenameWrote 273 lines of output to '/var/tmp/backup.txt'
The system saves the active configuration at the specified file location.
You can save license keys using the
user@host> request system license save filenamecommand.You can create copies of the software running on your device using the system snapshot feature. Having a snapshot of software helps you to recover to a known, stable environment in case something goes wrong with the upgrade. See Backing Up an Installation Using Snapshots.
- Ensure that there are no uncommitted changes.
- Remove the NTP configuration that has more than one source
address.
user@host# delete system ntp source-address source-address;
- Remove chassis cluster fabric interface configuration if you have configured the
enableordisableoption.user@host# set interfaces fab0 fabric-options member-interfaces sinterface-name enable/disable
Upgrade Directly on Your Security Device (CLI)
We'll use the following hardware and software combination in this example:
- SRX4200 device
- Junos OS Release 15.1X49-D170
- Available flash memory of 512 MB
Use this procedure to learn how to upgrade from Junos OS Release 15.1X49-D170 to Junos OS Release 19.4R3-S1:
-
Navigate to the Juniper Networks Support page for the SRX4200 and
select OS as Junos SR and version as 19.4 as shown in Figure 1.
Figure 1: Download Junos OS Software
-
Verify MD5 checksums on a Junos install package.
This step confirms that the Junos installation package downloaded from the Juniper Networks website is not modified in any way.
-
Compare the MD5 hash output with the MD5 hash provided on the
download page when you click the checksums option:
-
Compare the MD5 hash output with the MD5 hash provided on the
download page when you click the checksums option:
Upgrade Directly on Your Security Devices in a Chassis Cluster (CLI)
We'll use the following hardware and software combination in this example:
- SRX4200 devices in a chassis cluster setup
- Junos OS Release 15.1X49-D170
- Available flash memory of 512 MB
Before you Begin
- Ensure that you have the same version of Junos OS on each node of the cluster.
- Ensure that both devices in the cluster are online at the same time.
- Remove the chassis cluster fabric interface configuration if you have configured the enable or disable option.
user@host# set interfaces fab0 fabric-options member-interfaces sinterface-name enable/ disable
Upgrade Junos OS Using a USB Flash Drive or J-Web
USB Flash Drive
You can use a USB flash drive to upgrade Junos OS images or recover an SRX Series device after boot media corruption in cases where there is no console access to an SRX Series device. For more information, see the KB article at Install Software via CLI (Method 3 - from Junos software copied to USB stick).
J-Web
You can upgrade your SRX Series device in a few steps using J-Web. For more information, see Install Software Packages.
Upgrade Your vSRX VM
If you consider to upgrade Junos OS on your vSRX VM, note the following:
- We recommend that you deploy a new vSRX VM instead of performing a Junos OS upgrade. The new VM enables you to move from vSRX to the newer and more enhanced vSRX 3.0 version.
- Moving to the vSRX 3.0 software architecture enables you to quickly introduce
new services, deliver customized services to users, and scale security services
based on dynamic needs. Junos OS Release 18.4R1 and later releases support vSRX
3.0.
You can download the vSRX3.0 image from Juniper Networks Support page.
- Ensure to save the configuration, certificate, and license files before you perform the upgrade.
See the KB article Overview of the Available Virtual SRX Models, vSRX and vSRX 3.0 for more details on vSRX 3.0 support.
Refer to the vSRX Documentation for instructions on installing a new VM.
Upgrade Your cSRX Software Image
Starting in Junos OS Release 20.2R1, the Juniper Networks® cSRX Container Firewall image is available for download from the Juniper Support site, similar to other Junos OS platform images. The cSRX container is packaged in a Docker image and runs in the Docker Engine on the Linux host.
To install cSRX in a bare-metal Linux server:
- Review Requirements to verify the system software specifications for the Linux server required to deploy the cSRX container.
- Install and configure Docker on your Linux host platform to implement the Linux container environment. Docker installation requirements vary based on the platform and the host OS (Ubuntu, Red Hat Enterprise Linux (RHEL), or CentOS).
- For docker installation instructions on the different supported Linux host
operating systems, see:
-
Docker Engine installation—https://docs.docker.com/engine/installation/
-
Script to install Docker Engine—https://get.docker.com/
-
Centos/Redhat—https://docs.docker.com/install/linux/docker-ce/centos/
-
Debian—https://docs.docker.com/install/linux/docker-ce/debian/
-
Fedora—https://docs.docker.com/install/linux/docker-ce/fedora/
-
Ubuntu—https://docs.docker.com/install/linux/docker-ce/ubuntu/
-
- Download the cSRX software image from the Juniper Networks website and install it on your host. See Loading the cSRX Image for details.
For complete information about how to implement Juniper’s cSRX on a server with Ubuntu OS, see Day One: Building Containers with cSRX.
Upgrade Junos OS on SRX Series Devices Managed by Junos Space
SUMMARY We'll use the following simple steps to upgrade your security device managed by Junos Space. Watch the video Junos Space Image Management to understand the procedure.
We'll use the following hardware and software combination in this example:
- SRX4100 device managed by Security Director
- Junos OS Release 15.1X49-D170
-
On the Network Management Platform GUI, select Devices >
Device Management. The Device Management page is
displayed.
-
Go to Images and Scripts and select
Images. Click the Import Image icon to upload the
image file into Junos Space Platform.
-
Validate the image by selecting the Actions > Verify Image on
Device option.
-
Select the uploaded Junos OS image and choose the Deploy
Image option from Actions.
Alternatively, you can choose to stage the deploy at a later time by
selecting the Stage Image on Device option.
-
In the Deploy Image on Devices page, select the device that you want to
upgrade and specify the Remove package after Successful
Installation and Delete any existing image before
download options.
- Check the Junos OS version after the system reboots using the show version command.
- Ensure your device settings, network settings, and other configuration are in place using the show configuration command.
Upgrade Junos OS on SRX Series Devices Managed by Juniper Sky™ Enterprise
You can upgrade your Junos OS devices easily with images hosted by Juniper Sky Enterprise. Juniper Sky Enterprise streamlines the Junos OS image upgrade process using only a browser.
To perform Junos upgrade on a device:
- Select a target device from the Juniper Sky Enterprise dashboard and select the Junos OS image version you want to upgrade.
- Click Upgrade option.
-
Sky Enterprise checks for available disk space. If there is sufficient space, it enables the New Upgrade option to continue.
Sky Enterprise delivers the image directly from Juniper Networks, making the process fast and efficient. For more information, see Juniper Sky Enterprise User Guide.
After You Upgrade to Junos OS Release 19.4R3 or 20.2R3
Perform the following steps after you upgrade to Junos OS Release 19.4R3 or to Junos OS Release 20.2R3.
-
Copy the device configuration files back to the device. We recommend to retain the configuration unless you are deploying a new vSRX VM.
-
Download and install the latest IDP signature package. See Updating the IDP Signature Database Manually.
- Download and install the latest application signature package. See Downloading and Installing the Junos OS Application Signature Package Manually.
- Change GPRS tunneling protocol (GTP) settings. GTP distribution without GTP
inspection does not work after an upgrade from Junos OS Releases 15.1X49 to 18.X
releases. You can use one of the following workarounds:
- Disable the GTP Distribution feature if possible.
- Enable GTP Inspection on all GTP traffic which passes through the device, by configuring a GTP profile on all security policies which may carry GTP traffic. See Example: Enabling GTP Inspection in Policies.
- Decide when you’d like to migrate to unified policy. See Start Using Unified Policies Post Upgrade.
Licensing Requirements
Starting in January 2020, we've transitioned to the Flex Software Subscription Licensing Model for SRX Series and vSRX. If you are not currently using the legacy licenses model, see the Flex Software License for SRX Series Devices.
If you have any questions, contact your Juniper Networks sales representative at https://www.juniper.net/in/en/contact-us/ and they will assist you in choosing the best licensing model for your application.
If you have legacy license models, you can continue to use them when you upgrade to Junos OS release 19.4R3 or 20.2R3.
What's Next
Now you have installed the new Junos OS on your device. If you want to migrate to the unified policy configuration, see Start Using Unified Policies Post Upgrade. Otherwise, learn about new features and enhancements that you can start using with your Junos OS. See Explore New Features Post Upgrade to Junos OS Release 19.4R3.