Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] FAQ: In Screen OS 5.0rx, What methods are there to downgrade a NetScreen device running Screen OS5.0rx to OS4.0rx?

0

0

Article ID: KB6905 KB Last Updated: 23 Aug 2010Version: 3.0
Summary:
FAQ: In Screen OS 5.0rx, What methods are there to downgrade a NetScreen device running Screen OS5.0rx to OS4.0rx?
Symptoms:
Important!'  Although there is an option to downgrade your Netscreen device remotely, it is Preferred that when you perform ANY Screen OS downgrade locally and during a scheduled Maintenance window.
Solution:

You can downgrade a NetScreen device running ScreenOS 5.0rx to ScreenOS 4.0rx in 2 ways:

  1. Local Downgrade - using a console connection & TFTP server.
  2. Remote Downgrade - Using Telnet or SSH.

Downgrading a Device Locally:

  1. Connect your computer to the NetScreen device: a. Using a serial cable, connect the serial port on your computer to the console port on the NetScreen device. This enables you to manage the NetScreen device. b. Using an Ethernet5 cable, connect the network port on your computer to port 1 or to the management port on the NetScreen device6. This enables the transfer of data between the computer and the TFTP server and the NetScreen device.
  2. Make sure that you have a ScreenOS 4.0.X image file stored in the TFTP server directory on your computer.
  3. Run the TFTP server on your computer by double-clicking on the TFTP server application. You can minimize its window but it must be active in the background.
  4. Log in to the NetScreen device using a terminal emulator such as HyperTerminal. Log in as the root admin or an admin with read-write privileges.
  5. Issue the exec downgrade CLI command.
  6. Answer yes to this question: "Are you sure you want to downgrade the loader and the file system? ([y]/n)"
  7. Answer yes to this question: "Do you want to continue the downgrade operation? ([y]/n)"
    Wait a few moments while the NetScreen device executes the downgrade operation.
    When the downgrade is complete, the device restarts automatically.
  8.  While the device is restarting, keep your eyes on the screen and when you see "Hit any key to run loader", press any key on your computer keyboard to interrupt the startup. Note: If you do not interrupt the NetScreen device in time, it proceeds to load the firmware saved in flash memory, in this case, ScreenOS 5.0.0. Because the device downgraded all its components, it no longer supports ScreenOS 5.0.0. Consequently, the device generates an "invalid image" message and prompts you to enter the file name of the proper firmware to load (Boot File Name prompt). The device basically takes you back to the Boot File Name prompt that follows after pressing a key at the "Hit any key to run loader" prompt.
  9. At the Boot File Name prompt, enter the file name of the ScreenOS firmware you want to load.
  10. At the Self IP Address prompt, enter an IP address that is on the same subnet as the TFTP server.
  11. At the TFTP IP Address prompt, enter the IP address of the TFTP server.
    An indication that the firmware is loading successfully is the display of a series of "rtatatatatatata..." running on the terminal emulator screen and a series of symbols running on the TFTP server window. When the firmware installation is complete, a message informs you of the success of the installation.
  12. Answer yes to this question: "Program to on-board flash? ([y]/n)"
    Answering "yes" saves the firmware you installed to flash memory.
  13. Answer yes to this question: "Run downloaded program? ([y]/n)"
    Answering "yes" instructs the NetScreen device to start running the new firmware.
  14. Because there is no configuration on the device, you must configure the Trust interface to be able to manage it and then load a configuration file. a. Set interface interf_name zone trust
    b. Set interface interf_name ip ip_addr Note: The interface IP address must be on the same subnet as your computer.
  15.  Load a configuration file that is compatible with ScreenOS 4.0.X using the save soft from tftpip_addrfilename to flash CLI command. You have to load a configuration file that was saved with ScreenOS 4.0.X firmware because ScreenOS 4.0.X firmware does not support configuration files saved with ScreenOS 5.0.0 firmware.

Downgrading a Device Remotely - Only via CLI using telnet or SSH

  1. Log in to the NetScreen device using an application such as Telnet or Secure Shell (SSH). Log in as the root admin or an admin with read-write privileges.
  2. Make sure that you have a ScreenOS 4.0.X image file stored in the TFTP server directory on your computer.
  3. Run the TFTP server on your computer by double-clicking on the TFTP server application. You can minimize its window but it must be active in the background.
  4. Log in to the NetScreen device using a terminal emulator such as HyperTerminal. Log in as the root admin or an admin with read-write privileges.
  5. Load a 4.0.X version of the ScreenOS firmware onto the NetScreen device. You can do this using the save soft from tftp ip_address file_name to flash CLI command, where the IP address is that of your computer and the filename that of the firmware you want to load.
  6. Answer yes to this question: "Software major version is not same, accept this firmware? ([y]/n)"
  7. Issue the exec downgrade CLI command.
  8. Answer yes to this question: "Are you sure you want to downgrade the loader and the file system? ([y]/n)"
  9. Answer yes to this question: "Do you want to continue the downgrade operation? ([y]/n)" The NetScreen device proceeds to downgrade the firmware. Warning:The downgrading procedure causes the loss of your Telnet or SSH session. Wait approximately 5 to 10 minutes while the NetScreen device executes the downgrade operation, after which you can log in to the device and verify connectivity and firmware version.

.

Here is the problem or goal:

  • FAQ: In Screen OS 5.0rx, What methods are there to downgrade from Screen OS5.0rx to OS4.0rx?

Additional Information:

Important!  Although there is an option to downgrade your Netscreen device remotely, it is Preferred that when you perform ANY Screen OS downgrade locally and during a scheduled Maintenance window.

Applicable Products:

  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-5GT
  • NetScreen-25
  • NetScreen-50
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500

Applicable ScreenOS:

  • 5.0.0
  • 5.0.0 A/V


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search