Knowledge Center Search


 

[ScreenOS] How to save and use multiple ScreenOS firmwares on firewall flash

  [KB14136] Show KB Properties

  [KB14136] Hide KB Properties

Categories:
Knowledge Base ID: KB14136
Last Updated: 17 Jun 2010
Version: 2.0

Summary:
The following procedures will be presented in this KB:
  • Loading two ScreenOS images from a TFTP server to flash using the bootloader
  • Booting a specific ScreenOS image from flash using bootloader
  • Booting a specific ScreenOS image from flash every time the firewall restarts

Problem or Goal:
It is sometimes needed to have multiple ScreenOS images on the firewall flash.

Solution:

Loading two ScreenOS images from TFTP server to flash using bootloader

  1. Reboot the firewall and follow the procedure of loading an image from a TFTP server using bootloader:
  2. NetScreen NS-ISG 2000 BootROM V1.0.0 (Checksum: 7E8EDC43)
    Copyright (c) 1997-2004 NetScreen Technologies, Inc.

    Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

    Hit key 'X' and 'A' sequentially to update OS Loader....

    Loading OS Loader from on-board flash memory... +++
    Done!

    Ignore image authentication!

    Start loading...
    .......................
    Done.


    Juniper Networks NS-ISG 2000 OS Loader Version 1.1.5

    Initialize FBTL 0.. Done

    Hit any key to load new firmware
    Hit any key to load new firmware

    Serial Number [0079062005000169]: READ ONLY
    BOM Version Number [E01]: READ ONLY
    Self MAC Address [0010-db8c-c040]: READ ONLY
    Firmware File Name [nsISG2000.6.1.0r4-cu7.0]: nsISG2000.5.4.0r12.0
    Self IP Address [172.16.1.92]: 172.16.72.135
    TFTP IP Address [172.16.1.22]: 172.16.73.141

    Save loader config (112 bytes)... Done

    Loading file "nsISG2000.5.4.0r12.0"...
    rtatatatatatatatatatatatatatatata...
    tatatatatatatatatatatatatatatatatatatatatata
    Loaded successfully! (size = 12,467,022 bytes)

    Ignore image authentication!
  3. When the image is loaded answer "m" on the prompt:
  4. Save to on-board flash disk? (y/[n]/m) m
  5. On the next prompt enter filename to which the image is going to be saved on the flash.
  6. IMPORTANT: Filename needs to follow DOS 8.3 naming standard.
    Please input multiple system image file name [nsISG2000.5.4.0r12.0]: 54r12.img

    Saving multiple system image "54r12.img" to on-board flash disk...
    Program flash (12,467,022 bytes) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Done
  7. When asked to run the downloaded image enter "n" and the firewall will reboot allowing another image to be saved to flash.
  8. Run downloaded system image? ([y]/n) n

    NetScreen NS-ISG 2000 BootROM V1.0.0 (Checksum: 7E8EDC43)
    Copyright (c) 1997-2004 NetScreen Technologies, Inc.

    Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

    Hit key 'X' and 'A' sequentially to update OS Loader....

    Loading OS Loader from on-board flash memory... +++
    Done!

    Ignore image authentication!

    Start loading...
    .......................
    Done.
    Juniper Networks NS-ISG 2000 OS Loader Version 1.1.5

    Initialize FBTL 0.. Done

    Hit any key to load new firmware
    Hit any key to load new firmware
    Hit any key to load new firmware
  9. Follow the same procedure for loading the next image to the flash.
  10. Serial Number [0079062005000169]: READ ONLY
    BOM Version Number [E01]: READ ONLY
    Self MAC Address [0010-db8c-c040]: READ ONLY
    Firmware File Name [nsISG2000.5.4.0r12.0]: nsISG2000.6.0.0r8.0
    Self IP Address [172.16.72.135]:
    TFTP IP Address [172.16.73.141]:

    Save loader config (112 bytes)... Done

    Loading file "nsISG2000.6.0.0r8.0"...
    rtatatatatatatatatatatatatatatatatatatatata...
    tatatatatatatatatatatatatatatata
    Loaded successfully! (size = 12,903,208 bytes)

    Ignore image authentication!

    Save to on-board flash disk? (y/[n]/m) m
    Please input multiple system image file name [nsISG2000.6.0.0r8.0]: 60r8.img

    Saving multiple system image "60r8.img" to on-board flash disk...
    Program flash (12,903,208 bytes) +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Done

    Run downloaded system image? ([y]/n)
  11. To list the flash file system and see the newly saved images use exec vfs ls flash: command.
  12. nsisg2000-> exec vfs ls flash:
    $NSBOOT$.BIN 13,565,564
    envar.rec 182
    golerd.rec 0
    node_secret.ace 0
    syscert.cfg 1,167
    certfile.cfg 4,856
    certfile.dsc 840
    license.key 1,442
    ns_sys_config 1,254
    prngseed.bin 32
    $lkg$.cfg 2,656
    detector2.so 651,731
    scio_setting 53
    policy.gz.v 1,136,410
    sgc_get.cmd 27
    sgc_get.out 13,894
    54r12.img 12,467,022
    60r8.img 12,903,208
    81,907,712 bytes free (122,677,248 total) on disk


Booting a specific ScreenOS image from flash using bootloader

  1. Reboot the firewall>
  2. NetScreen NS-ISG 2000 BootROM V1.0.0 (Checksum: 7E8EDC43)
    Copyright (c) 1997-2004 NetScreen Technologies, Inc.

    Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

    Hit key 'X' and 'A' sequentially to update OS Loader....

    Loading OS Loader from on-board flash memory... +++
    Done!

    Ignore image authentication!

    Start loading...
    .......................
    Done.


    Juniper Networks NS-ISG 2000 OS Loader Version 1.1.5

    Initialize FBTL 0.. Done

  3. Interrupt the bootloader but pressing any key.
  4. Hit any key to load new firmware
    Hit any key to load new firmware

    Serial Number [0079062005000169]: READ ONLY
    BOM Version Number [E01]: READ ONLY
    Self MAC Address [0010-db8c-c040]: READ ONLY

  5. When bootloader prompts for File Name enter the name of one of the files previously saved on the flash, prefixed by flash:/ .
  6. Firmware File Name [nsISG2000.6.0.0r8.0]: flash:/60r8.img

    Loading file "60r8.img" from on-board flash disk...
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Done! (size = 12,903,208 bytes)

    Ignore image authentication!

    Start loading...
    .................................................................
    .................................................................
    .................................................................



Booting a specific ScreenOS image from flash every time the firewall restarts

  1. In order to make the firewall boot one of the saved images every time it reloads, the environment variable boot needs to be set:
  2. nsisg2000-> set envar boot=flash:/54r12.img
    nsisg2000-> get env
    default_image=nsISG2000.6.1.0r4-cu7.0
    run_image=flash:60r8.img
    loader_version=1.1.5
    last_reset=2009-05-08 13:53:28 by netscreen
    sme=
    .hash-seg=6 (2136750376)
    boot=flash:/54r12.img

  3. When firewall is rebooted it will load the image specified in the boot environment variable:
  4. nsisg2000-> reset
    System reset, are you sure? y/[n] y
    In reset ...


    NetScreen NS-ISG 2000 BootROM V1.0.0 (Checksum: 7E8EDC43)
    Copyright (c) 1997-2004 NetScreen Technologies, Inc.

    Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

    Hit key 'X' and 'A' sequentially to update OS Loader....

    Loading OS Loader from on-board flash memory... +++
    Done!

    Ignore image authentication!

    Start loading...
    .......................
    Done.


    Juniper Networks NS-ISG 2000 OS Loader Version 1.1.5

    Initialize FBTL 0.. Done

    Hit any key to load new firmware
    Hit any key to load new firmware
    Hit any key to load new firmware
    Hit any key to load new firmware

    Loading file "/54r12.img" from on-board flash disk...
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Done! (size = 12,467,022 bytes)

Purpose:
Configuration

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.