Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How To: Upgrade Bootloader on firewall device

0

0

Article ID: KB10976 KB Last Updated: 20 Mar 2020Version: 9.0
Summary:

How To: Upgrade Boot Loader via Boot/Diag mode

Symptoms:
Environment:
  • Upgrade using the Console
  • Upgrade on boot up
  • Firewall has a direct connection to a TFTP server
  • Bootloader to be upgraded to is on the TFTP server
  • Bootloader upgrade is highly recommended when upgrading to ScreenOS 6.1.0
Symptoms & Errors:
  • Upgrade via TFTP
Solution:
noteBefore upgrading the bootloader on a Firewall device, ensure that the following has been established: 
  • A console cable has been connected to a COM serial port on PC and to the console port on the Firewall device.  For assistance, consult: Accessing the Command Line Interface via the Console Port on Your NetScreen, SSG, or ISG Firewall device
  • A Terminal Program (HyperTerminal or equivalent) is present
  • A TFTP server is available (on the local segment to the firewall). Please note the Firewall will try to contact TFTP server using its first interface (Ethernet0/0) or Management (MGT) interface, bases on your hardware platform. So, please ensure that the TFTP server is either directly connected to this interface or available on the LAN connected to this interface.
  • The bootloader image has been downloaded from the ScreenOS Software Download area
  • The bootloader image is stored on the root folder of TFTP server

 

To upgrade the bootloader image on the SSG device via Boot/Diag mode:

  1. Connect the console from your PC to the firewall device
  2. Start the Terminal Program and reset or power up the firewall device.
  3. Interrupt the boot-up sequence using the examples below depending upon the device. 
    Example 1:- For SSG5, SSG20 & SSG140, press any key:-

    Juniper Networks SSG5-ISDN Boot Loader Version 1.2.4 (Checksum: 9AECEADD)
    Copyright (c) 1997-2006 Juniper Networks, Inc.

    Total physical memory: 256MB
        Test - Pass
        Initialization - Done

    Hit any key to run loader

    Example 2:- For other ScreenOS devices, hit 'X' & 'A' sequentially:-
    NetScreen NS-ISG 2000 BootROM V1.0.0 (Checksum: 7E8EDC43)
    Copyright (c) 1997-2004 NetScreen Technologies, Inc.

     
    Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

     
    Hit key 'X' and 'A' sequentially to update OS Loader
     
  4. The Boot / Diag Menu should be displayed. Enter the following information when prompted: 
     
    Example:
    Serial Number [0169012006000005]: READ ONLY
    HW Version Number [1010]: READ ONLY
    Self MAC Address [0012-1ebe-51c0]: READ ONLY
    Boot File Name [Loadssg5ssg20v124.d]: Loadssg5ssg20v132.d
    Self IP Address [192.168.10.1]:
    TFTP IP Address [192.168.10.12]:
    • Self IP address - enter an IP address that is on the same subnet as the TFTP server
    • TFTP IP address -enter the IP address of the TFTP server
    • Boot File name - enter the file name of the bootloader to be upgraded to.
  5. After entering the information, the system displays information similar to the following:

    Loading file "Loadssg5ssg20v132.d"...

    >

    rtatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat
    atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat
    atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat
    atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat


    These are an indication the software load is in progress. The messages will go on for a few pages.
  6. After receiving the Loaded successful message, respond N to the message Save to on-board flash.  When prompted to run downloaded system image, answer  Y.
    Loaded successfully! (size = 407,770 bytes)
    Ignore image authentication!
    Save to on-board flash disk? (y/[n]/m) No!
    Run downloaded system image? ([y]/n) Yes!
    If you inadvertently responded Yes to Save to on-board flash, then continue onto step 7, but make sure you perform the note in step 8.   
  7. The boot loader update utility will now run. Don't power off or interrupt the process. It may render the system non-bootable.
                ******************************************************************
    *                                                                *
    *               SSG5/SSG20 BOOT LOADER UPDATE UTILITY            *
    *         ==============================================         *
    *               (c)1997-2006 Juniper Networks, Inc.              *
    *                      All Rights Reserved                       *
    *                                                                *
    *         ----------------------------------------------         *
    *         Boot Loader Version: 1.3.2                             *
    *         Date               : 05/26/2006                        *
    *                                                                *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *         !                                            !         *
    *         ! Please don't power off during update.      !         *
    *         ! Otherwise, the system can not boot again.  !         *
    *         !                                            !         *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *                                                                *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *                                                                *
    ******************************************************************


Check on-board Boot Loader... Update needed!

Are you sure you want to update Boot Loader? (y/n)

Read product information of on-board boot flash device:
    Manufacturer ID      = 1f
    Device ID            = 13
    Additional Device ID = 10

Boot flash device is AT49LV040B

Erase on-board boot flash device.......... Done

Update Boot Loader........................................................................Done

Verify Boot Loader... Done

Boot Loader has been updated successfully!

Please hit any key to reboot the system...
8. Hit any key to reboot the system. It will now boot with the new bootloader, and boot the ScreenOS image.  If you get the ScreenOS login prompt, you may now upgrade the ScreenOS.


note  If you do not get the ScreenOS login prompt, most likely you answered Y when prompted to Save the bootloader to on-board flash in step 6.  Therefore, the firewall rebooted without a ScreenOS image to boot to.  The boot/diag mode will appear.  If this happens, upgrade to ScreenOS via the boot/diag mode:  KB5519 - How To: Upgrade ScreenOS Software via Boot/Diag mode
Modification History:
2020-03-20: Minor, non-technical update.
2017-12-26: Article reviewed for accuracy. Edited article to reflect different ways to enter loader depending upon the model. Article is correct and complete.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search