How do I upgrade a Juniper SRX Series gateway

Within this tutorial we will be providing the steps required to upgrade your Juniper SRX firewall.

Copy Image

First of all we copy the image over to the SRX via the use of scp. In this case I have used putty’s pscp.

C:\Windows\System32>pscp “C:\Users\admin\Downloads\junos-srxsme-11.4R1.6-domestic.tgz” root@[SRX IP]:/mfs

Confirm Hash

Next we confirm that the file is complete and is not corrupted by clarifying the MD5 hash of the file. The MD5 files can be obtained from the same page as the image files from within Junipers download section.

root@srx100> start shell
root@srx100% md5 /mfs/junos-srxsme-11.4R1.6-domestic.tgz
MD5 (/mfs/junos-srxsme-11.4R1.6-domestic.tgz) = 1a98b252c4b74f4de0ff8a87bf95194f

Upgrade

The device is then upgraded by issuing the following command.

root@srx100> request system software add no-copy validate /mfs/junos-srxsme-11.4R1.6-domestic.tgz
Formatting alternate root (/dev/da0s2a)…
/dev/da0s2a: 298.0MB (610284 sectors) block size 16384, fragment size 2048
        using 4 cylinder groups of 74.50MB, 4768 blks, 9600 inodes.
super-block backups (for fsck -b #) at:
 32, 152608, 305184, 457760
Checking compatibility with configuration
Initializing…
Verified manifest signed by PackageProduction_11_1_0
Verified junos-11.1R1.10-domestic signed by PackageProduction_11_1_0
Using junos-11.4R1.6-domestic from /altroot/cf/packages/install-tmp/junos-11.4R1.6-domestic
Copying package …
Verified manifest signed by PackageProduction_11_4_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
cp: /cf/var/validate/chroot/var/etc/resolv.conf and /etc/resolv.conf are identical (not copied).
cp: /cf/var/validate/chroot/var/etc/hosts and /etc/hosts are identical (not copied).
mgd: commit complete
Validation succeeded
Validating against /config/rescue.conf.gz
mgd: commit complete
Validation succeeded
rm: /cf/var/validate/chroot/cf/opt/bin: Directory not empty
rm: /cf/var/validate/chroot/cf/opt/etc: Directory not empty
rm: /cf/var/validate/chroot/cf/opt: Directory not empty
rm: /cf/var/validate/chroot/cf: Directory not empty
rm: /cf/var/validate/chroot: Directory not empty
Installing package ‘/altroot/cf/packages/install-tmp/junos-11.4R1.6-domestic’ …
Verified junos-boot-srxsme-11.4R1.6.tgz signed by PackageProduction_11_4_0
Verified junos-srxsme-11.4R1.6-domestic signed by PackageProduction_11_4_0
JUNOS 11.4R1.6 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING:     Use the ‘request system reboot’ command
WARNING:         when software installation is complete
Saving state for rollback …

Confirm

Once the device has been rebooted via the use of ‘request system reboot’ the new version can be verified.

root@srx100> show version
Hostname: srx100
Model: srx100h
JUNOS Software Release [11.4R1.6]

Issues

In the event of the upgrade reporting errors relating to disk space the following commands can be used to clear disk space.

request system storage cleanup
request system software delete-backup

Rollback

To roll back the following command can be used.

request system software rollback

 

Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial