Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to upgrade Bootloader version on firewall device



Article ID: KB10976 KB Last Updated: 30 Oct 2020Version: 10.0

How to upgrade Boot Loader version via Boot/Diag mode.

  • Upgrade using the Console
  • Upgrade on boot up
  • Firewall has a direct connection to a TFTP server
  • Bootloader to be upgraded to is on the TFTP server
  • Bootloader upgrade is highly recommended when upgrading to ScreenOS 6.3.0
Symptoms & Errors:
  • Upgrade via TFTP

Note: Before upgrading the bootloader on a Firewall device, ensure the following has been established: 

To upgrade the bootloader image on the SSG device via Boot/Diag mode:

  1. Connect the console from your PC to the firewall device

  2. Start the Terminal Program and reset or power up the firewall device.

  3. Interrupt the boot-up sequence using the examples below depending upon the device. 

    Example 1: For SSG5, SSG20 & SSG140, press any key:

    Juniper Networks SSG5-ISDN Boot Loader Version 1.2.4 (Checksum: 9AECEADD)
    Copyright (c) 1997-2006 Juniper Networks, Inc.

    Total physical memory: 256MB
        Test - Pass
        Initialization - Done

    Hit any key to run loader

    Example 2: For other ScreenOS devices, hit 'X' & 'A' sequentially:
    NetScreen NS-ISG 2000 BootROM V1.0.0 (Checksum: 7E8EDC43)
    Copyright (c) 1997-2004 NetScreen Technologies, Inc.

    Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

    Hit key 'X' and 'A' sequentially to update OS Loader
  4. The Boot / Diag Menu should be displayed. Enter the following information when prompted:


    Serial Number [0169012006000005]: READ ONLY
    HW Version Number [1010]: READ ONLY
    Self MAC Address [0012-1ebe-51c0]: READ ONLY
    Boot File Name [Loadssg5ssg20v124.d]: Loadssg5ssg20v132.d
    Self IP Address []:
    TFTP IP Address []:
    • Self IP address - enter an IP address that is on the same subnet as the TFTP server

    • TFTP IP address -enter the IP address of the TFTP server

    • Boot File name - enter the file name of the bootloader to be upgraded to.

  5. After entering the information, the system displays information similar to the following:

    Loading file "Loadssg5ssg20v132.d"...


    These are an indication the software load is in progress. The messages will go on for a few pages.

  6. After receiving the Loaded successful message, respond N to the message Save to on-board flash.  When prompted to run downloaded system image, answer  Y.

    Loaded successfully! (size = 407,770 bytes)
    Ignore image authentication!
    Save to on-board flash disk? (y/[n]/m) No!
    Run downloaded system image? ([y]/n) Yes!

    If you inadvertently responded Yes to Save to on-board flash, then continue onto step 7, but make sure you perform the note in step 8.   

  7. The boot loader update utility will now run. Don't power off or interrupt the process. It may render the system non-bootable.

    *                                                                *
    *               SSG5/SSG20 BOOT LOADER UPDATE UTILITY            *
    *         ==============================================         *
    *               (c)1997-2006 Juniper Networks, Inc.              *
    *                      All Rights Reserved                       *
    *                                                                *
    *         ----------------------------------------------         *
    *         Boot Loader Version: 1.3.2                             *
    *         Date               : 05/26/2006                        *
    *                                                                *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *         !                                            !         *
    *         ! Please don't power off during update.      !         *
    *         ! Otherwise, the system can not boot again.  !         *
    *         !                                            !         *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *                                                                *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *                                                                *

Check on-board Boot Loader... Update needed!

Are you sure you want to update Boot Loader? (y/n)

Read product information of on-board boot flash device:
    Manufacturer ID      = 1f
    Device ID            = 13
    Additional Device ID = 10

Boot flash device is AT49LV040B

Erase on-board boot flash device.......... Done

Update Boot Loader........................................................................Done

Verify Boot Loader... Done

Boot Loader has been updated successfully!

Please hit any key to reboot the system...

8. Hit any key to reboot the system. It will now boot with the new bootloader, and boot the ScreenOS image.  If you get the ScreenOS login prompt, you may now upgrade the ScreenOS.

Note: If you do not get the ScreenOS login prompt, most likely you answered Y when prompted to Save the bootloader to on-board flash in step 6.  Therefore, the firewall rebooted without a ScreenOS image to boot to.  The boot/diag mode will appear.  If this happens, upgrade to ScreenOS via the boot/diag mode:  KB5519 - How To: Upgrade ScreenOS Software via Boot/Diag mode

Modification History:
2020-10-15: Added related link to TFTP.
2020-03-20: Minor, non-technical update.
2017-12-26: Article reviewed for accuracy. Edited article to reflect different ways to enter loader depending upon the model. Article is correct and complete
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search