10-26-2008 07:39 AM
I have a Juniper-NS5GT-WLAN firewall with firmware version 5.3.0r4.0 (Firewall+VPN) and hardware version of 1010(0). In order to update the firmware version to 6.x, an intermediate version of 5.4r8 or later is required.
Applying the ssg5ssg188.8.131.52r10.0 version through the web GUI results in an error message of "..file cannot be recoqnized as a valid image file...". I've used the CLI with the command "exec pki test skey" to verify that the software keys show zeros and they do.
The file is valid; is there another intermediate version that should be applied to the 5.3.x version before the 5.4r10 version can be applied?
Solved! Go to Solution.
10-26-2008 08:46 AM
The NS5GT (of any sort) cannot run ScreenOS 6.0 or above. I'm running 5.4r10 on mine, and I'm just downloading 5.4r11 (since I checked for the latest version because of this message :-) ).
You cannot apply the ssg5/ssg20 image to an NS5GT. You need to obtain the ns5gt.5.4.0r11.0 image to run on your box.
10-26-2008 05:49 PM
Is the 5.4r11 the last version for the NS5GT and does it support WPA2?
It's unfortunate that Juniper makes it so hard to download images; oh well, I'll get it at work tomorrow.
I am sorry for "causing" you to do some extra work
10-27-2008 12:50 AM
I don't find it hard to download images, but then I work for Juniper so I no longer have the customers' eye view of the mechanism. There is certainly a mechanism to only allow users with a valid support contract to obtain software to which they're entitled but it's not particularly difficult to use (username/password).
5.4r11.0 is the latest software image for the NS5GT. It was only uploaded to the website in the last few days (the release notes are dated 21st October).
WPA2 has been supported in 5.4 since r1, I think. You mentioned that you've been running 5.3. The release notes for 5.4r1.0 are dated 26 July 2006, so the support has been there for quite a while :-) I've certainly been using it for well over a year on my NS5GT-WLAN.
10-27-2008 06:46 AM
Well, that's easy for you to say that downloading is easy; try to download images for the NS5GT without support contract. I do have an account with Juniper and I couldn't even register my NS5...
I can understand that Juniper is trying to control access to the images; however, firmware should be available for the device for home users. Especially knowing the fact that some of the versions may be vulnerable to remote exploits. Alternatively making a security patch publicly available would also be nice.
I've been using this NS5GT at home for about 2 years now; Juniper was giving them away around that time for free through a promotion. A support contract is not an option for me; albeit admittedly, I don't really know the cost of it. It replaced my trusty DLink Wi-Fi broadband router that I currently use when I travel; I like to separate my laptop even from the hotel's network. I might just get another one for home; it's too much of hassle to update the image for the NS5.
In either case, I do thank you for your help.