[ScreenOS] How To: Upgrade Bootloader on firewall device

  [KB10976] Show Article Properties


Summary:
How To: Upgrade Boot Loader via Boot/Diag mode
Symptoms:
Environment:
  • Upgrade using the Console
  • Upgrade on boot up
  • Firewall has a direct connection to a TFTP server
  • Bootloader to be upgraded to is on the TFTP server
  • Bootloader upgrade is highly recommended when upgrading to ScreenOS 6.1.0
Symptoms & Errors:
  • Upgrade via TFTP
Solution:
noteBefore upgrading the bootloader on a Firewall device, ensure that the following has been established: 
  • A console cable has been connected to a COM serial port on PC and to the console port on the Firewall device.  For assistance, consult: Accessing the Command Line Interface via the Console Port on Your NetScreen, SSG, or ISG Firewall device

  • A Terminal Program (HyperTerminal or equivalent) is present
  • A TFTP server is available (on the local segment to the firewall). Please note the Firewall will try to contact TFTP server using its first interface (Ethernet0/0) or Management (MGT) interface, bases on your hardware platform. So, please ensure that the TFTP server is either directly connected to this interface or available on the LAN connected to this interface.
  • The bootloader image has been downloaded from the ScreenOS Software Download area
  • The bootloader image is stored on the root folder of TFTP server

 

To upgrade the bootloader image on the SSG device via Boot/Diag mode:

  1. Connect the console from your PC to the firewall device
  2. Start the Terminal Program and reset or power up the firewall device.
  3. Interrupt the boot-up sequence using the examples below depending upon the device. 
    Example 1:- For SSG5, SSG20 & SSG140, press any key:-

    Juniper Networks SSG5-ISDN Boot Loader Version 1.2.4 (Checksum: 9AECEADD)
    Copyright (c) 1997-2006 Juniper Networks, Inc.

    Total physical memory: 256MB
        Test - Pass
        Initialization - Done

    Hit any key to run loader

    Example 2:- For other ScreenOS devices, hit 'X' & 'A' sequentially:-
    NetScreen NS-ISG 2000 BootROM V1.0.0 (Checksum: 7E8EDC43)
    Copyright (c) 1997-2004 NetScreen Technologies, Inc.

     
    Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

     
    Hit key 'X' and 'A' sequentially to update OS Loader
     
  4. The Boot / Diag Menu should be displayed. Enter the following information when prompted: 
     
    Example:
    Serial Number [0169012006000005]: READ ONLY
    HW Version Number [1010]: READ ONLY
    Self MAC Address [0012-1ebe-51c0]: READ ONLY
    Boot File Name [Loadssg5ssg20v124.d]: Loadssg5ssg20v132.d
    Self IP Address [192.168.10.1]:
    TFTP IP Address [192.168.10.12]:
    • Self IP address - enter an IP address that is on the same subnet as the TFTP server
    • TFTP IP address -enter the IP address of the TFTP server
    • Boot File name - enter the file name of the bootloader to be upgraded to.
  5. After entering the information, the system displays information similar to the following:

    Loading file "Loadssg5ssg20v132.d"...

    >

    rtatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat
    atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat
    atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat
    atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat


    These are an indication the software load is in progress. The messages will go on for a few pages.
  6. After receiving the Loaded successful message, respond N to the message Save to on-board flash.  When prompted to run downloaded system image, answer  Y.
    Loaded successfully! (size = 407,770 bytes)
    Ignore image authentication!
    Save to on-board flash disk? (y/[n]/m) No!
    Run downloaded system image? ([y]/n) Yes!
    If you inadvertently responded Yes to Save to on-board flash, then continue onto step 7, but make sure you perform the note in step 8.   
  7. The boot loader update utility will now run. Don't power off or interrupt the process. It may render the system non-bootable.
                ******************************************************************
    *                                                                *
    *               SSG5/SSG20 BOOT LOADER UPDATE UTILITY            *
    *         ==============================================         *
    *               (c)1997-2006 Juniper Networks, Inc.              *
    *                      All Rights Reserved                       *
    *                                                                *
    *         ----------------------------------------------         *
    *         Boot Loader Version: 1.3.2                             *
    *         Date               : 05/26/2006                        *
    *                                                                *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *         !                                            !         *
    *         ! Please don't power off during update.      !         *
    *         ! Otherwise, the system can not boot again.  !         *
    *         !                                            !         *
    *         !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!         *
    *                                                                *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *        *** DON'T POWER OFF DURING BOOT LOADER UPDATE ***       *
    *                                                                *
    ******************************************************************


Check on-board Boot Loader... Update needed!

Are you sure you want to update Boot Loader? (y/n)

Read product information of on-board boot flash device:
    Manufacturer ID      = 1f
    Device ID            = 13
    Additional Device ID = 10

Boot flash device is AT49LV040B

Erase on-board boot flash device.......... Done

Update Boot Loader........................................................................Done

Verify Boot Loader... Done

Boot Loader has been updated successfully!

Please hit any key to reboot the system...
8. Hit any key to reboot the system. It will now boot with the new bootloader, and boot the ScreenOS image.  If you get the ScreenOS login prompt, you may now upgrade the ScreenOS.


note  If you do not get the ScreenOS login prompt, most likely you answered Y when prompted to Save the bootloader to on-board flash in step 6.  Therefore, the firewall rebooted without a ScreenOS image to boot to.  The boot/diag mode will appear.  If this happens, upgrade to ScreenOS via the boot/diag mode:  KB5519 - How To: Upgrade ScreenOS Software via Boot/Diag mode
Modification History:
2017-12-26: Article reviewed for accuracy. Edited article to reflect different ways to enter loader depending upon the model. Article is correct and complete.
Related Links: