A Terminal Program (HyperTerminal or equivalent) is present
A TFTP server is available ((on the local segment to the firewall)
The bootloader image is stored on the TFTP server
To upgrade the bootloader image on the SSG device via Boot/Diag mode:
Connect the console from your PC to the firewall device
Start the Terminal Program and reset or power up the firewall device.
Interrupt the boot-up sequence when you see ‘Hit any ket to run loader’ by pressing any key.
Example: Juniper Networks SSG5-ISDN Boot Loader Version 1.2.4 (Checksum: 9AECEADD) Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 256MB Test - Pass Initialization - Done
Hit any key to run loader
The Boot / Diag Menu should be displayed. Enter the following information when prompted:
Self IP address - enter an IP address that is on the same subnet as the TFTP server
TFTP IP address -enter the IP address of the TFTP server
Boot File name - enter the file name of the bootloader to be upgraded to.
Example: Serial Number : READ ONLY HW Version Number : READ ONLY Self MAC Address [0012-1ebe-51c0]: READ ONLY Boot File Name [Loadssg5ssg20v124.d]: Loadssg5ssg20v132.d Self IP Address [192.168.10.1]: TFTP IP Address [192.168.10.12]:
After entering the information, the system displays information similar to the following:
Hit any key to reboot the system. It will now boot with the new bootloader, and boot the ScreenOS image. If you get the ScreenOS login prompt, you may now upgrade the ScreenOS to 6.1.0.
If you do not get the ScreenOS login prompt, most likely you answered Y when prompted to Save the bootloader to on-board flash in step 6. Therefore, the firewall rebooted without a ScreenOS image to boot to. The boot/diag mode will appear. If this happens, upgrade to ScreenOS 6.1.0 via the boot/diag mode: KB5519 - How To: Upgrade ScreenOS Software via Boot/Diag mode