Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Upgrading from ScreenOS 5.2.x (NS5200-MGT1+8G) to ScreenOS 5.4.x (NS5200-MGT2+8G2)

0

0

Article ID: KB10057 KB Last Updated: 23 Jun 2010Version: 4.0
Summary:

Steps required to maintain the configuration while upgrading both ScreenOS and NS5200 modules.

Symptoms:
Upgrading from ScreenOS 5.2.0r2 to 5.4.0r4 is a two-step process.  First step is to upgrade to ScreenOS 5.2.0r3.  Second step is to upgrade to ScreenOS 5.4.0r4.

The problem is that the customer may also be upgrading the NS5000 line cards from MGT1 to MGT2 and 8G to 8G2.  This poses another layer of complexity as different NS5000 line cards require different ScreenOS software.
Solution:

Note the following ScreenOS 5.4 software format for various 5200 platforms:

Platform and Module Software String
MGT1+8G ns5000.5.4.0r4.0
MGT2+8G ns5000.5.4.0-M2.r4.0
MGT2+8G2 ns5000.5.4.0-M2A.r4.0


In this example, a NS5200 (MGT1+8G) running ScreenOS 5.2.0r2 will be upgraded to NS5200 (MGT2+8G2) running ScreenOS 5.4.0r4; both the software and hardware modules will be upgraded. 


To upgrade the firewall,  first upgrade from ScreenOS 5.2.0r2 to 5.2.0r3 and then from ScreenOS 5.2.0r3  to 5.4.r4. The following steps assume the firewall is a NS5200 running MGT1+8G, 5.2.0r2.

  1. TFTP the configuration from the Firewall to the TFTP server.  (This step is necessary since the configuration is stored in the MGT module's flash card.  The configuration will need to be moved from the M1 to the M2 module.)
    save config to tftp x.x.x.x ns5200.config.txt

  2. Power down the firewall and swap the MGT1 module with the MGT2 module.

  3. Power up the firewall. At this point, the Firewall has the MGT2+8G modules installed. The MGT2 should also be running ScreenOS 5.2.0r2.

  4. Configure an IP address on the MGT2 interface.
    set interface mgt ip x.x.x.x/x

  5. TFTP the configuration file from the TFTP server to the firewall
    save config from tftp x.x.x.x ns5200.config.txt
    save
    reset

  6. Upgrade the firewall (5200 with MGT2+8G) to ScreenOS 5.2.0r3 (software string: ns5000.5.2.0-M2.r3.0.) and reset the firewall. (This upgrade step is necessary to upgrade the configuration file from ScreenOS 5.2.0r2 to 5.2.0r3 version.)   

    Please refer to the following KB article for upgrade steps.  http://kb.juniper.net/KB5519



  7. Upgrade the firewall (5200 with MGT2+8G) to ScreenOS 5.4.0r4 (software string: ns5000.5.4.0-M2.r4.0.) and reset the firewall. (This upgrade step is necessary to upgrade the config file from 5.2.0r3 to 5.4.0r4 version.)

  8. Power down the firewall.

  9. Remove the 8G module. Swap in the 8G2 module.  (make sure the 8G2 module has 1GB of RAM)
    Consult: KB8827 - Memory Requirement for NS5000 line cards while upgrading to ScreenOS 5.4 and later

  10. Power up the firewall.

  11. To support the new 8G2 module, upgrade the firewall to M2A ScreenOS 5.4.0r4 (software string: 5.4.0-M2A.r4.0).  NS5200 with MGT2+8G2 modules will ONLY run using the "M2A" verison of code.  To upgrade to this version, it is necessary to load ns5000.5.4.0-M2A.r4.0 by breaking into the boot loader process.
    Example:
    NS5200-> reset
    System reset, are you sure? y/[n] y
    In reset ...

    NetScreen NS-5000 Boot Loader Version 2.0.0 (Checksum: 44E18C79)
    Copyright (c) 1997-2003 NetScreen Technologies, Inc.

    Total physical memory: 512MB
        Test - Pass
        Initialization.... Done

    Hit any key to run loader
    Hit any key to run loader

    Serial Number [0040092003000010]: READ ONLY BOM Version [C02]: READ ONLY
    Self MAC Address [0010-db53-1b40]: READ ONLY Boot File Name
    [ns5000.5.2.0-M2.r2.0.]: ns5000.5.4.0-M2A.r4.0
    Self IP Address [172.19.50.113]: x.x.x.x      <=== IP address of Management Interface
    TFTP IP Address [172.19.50.129]: y.y.y.y      <=== IP address of TFTP server
  12. At this point, the upgrade is complete.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search