SSL VPN
Reply
Visitor
71HH
Posts: 3
Registered: ‎05-16-2012
0

SA-4500 update 7.0R2 -> 7.2R1.1 - best practice / caveats

I've inherited the administration of an SA-4500 box and have been asked to upgrade to the latest firmware release.

 

It looks like it ought to be a very straightforward procedure but as I've not done this before and don't have a test system to work on I'm really keen to know what I should, and particularly what I should NOT, be doing and what potential pitfalls there are.

 

So, what should I be thinking of beyond this?:

 

-Download update package (j-sa-7.2R1.1-b20761-package.pkg)

-Optionally stage this package (what are the advatages to doing this?)

-Export system and user config (or should I be doing a full XML export having selected all options?)

-Clear all logs

-Install the package

 

What's the impact at the client end (mix of Windows and iOS clients)?

 

thanks in advance.

 

 

 

Recognized Expert
Kita
Posts: 485
Registered: ‎12-23-2010
0

Re: SA-4500 update 7.0R2 -> 7.2R1.1 - best practice / caveats

It looks like you have all angles covered, but I don't see any reason to clear the logs. 

 

One thing to consider is the upgrade will cause all end users to upgrade Juniper clients (WSAM,JSAM,NC and Pulse) after the upgrade is complete.  If you have some end users who do not have admin privs to install, you'll want to either push the corresponding client out to end user before the upgrade or you'll want to ensure Juniper Installer Service (JIS) is installed on the end user machine to avoid any installation issues.  Also, you'll want to upgrade the device during a maintenance window as the SA device will be down to end user while the upgrade is occurring.

Visitor
71HH
Posts: 3
Registered: ‎05-16-2012
0

Re: SA-4500 update 7.0R2 -> 7.2R1.1 - best practice / caveats

Thanks.

 

Clearing logs has been suggested as a way to reduce the time the update takes - that's the only reason I included that step.

 

 

Moderator
zanyterp
Posts: 2,306
Registered: ‎11-19-2007
0

Re: SA-4500 update 7.0R2 -> 7.2R1.1 - best practice / caveats

yes, clearing the logs is a good thing (make sure to save a copy if required) as it can make a 15 minute process take 1+ hours as the data is copied to the new partition.

 

otherwise, yes, it is as straight-forward as you indicated. to stage or not to stage is something only you can answer for your environment. save the binary config files; the xml is not useful for backup purposes

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.