ScreenOS Firewalls (NOT SRX)
Contributor
Posts: 227
Registered: ‎01-12-2010

Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

My SSG5 was running 6.0.1 absolutely fine. However, after upgrading, this puppy is going through a reboot cycle.

 

Please someone tell me there is a way to recover the box....

 

anawaz  :-(

 

--------------------------------------------------------------------------------------

Juniper Networks, Inc
SSG5/SSG20 System Software
Copyright, 1997-2008

Version 6.2.0r7.0
Load Manufacture Information ... Done

Initialize FBTL 0........ Done
Load NVRAM Information ... (6.2.0)Done
Install module init vectors
Install modules (01134800,0209fd44) ...
PPP IP-POOL initiated, 256 pools

Initializing DI 1.1.0-ns
w3g_cfg_init

System config (1544 bytes) loaded

Done.
Load System Configuration .......................................
Unsupported command - set zone "VLAN" block
........................................modem is not detected
.....................................Disabled licensekey auto update
...........Done
system init done..
login: ethernet0/1 interface change physical state to Up
System change state to Active(1)
###Crash Time: 03Mar2002:09:10:32###
System Level:
Image In Task Level
Current Task Is:sys up id = 81

*********************************************************
                  Exception Dump
*********************************************************
System up time: 0 hours 0 minutes 11 seconds
Version 6.2.0r7.0
Exception(Data Abort Exception code(1002))
Exception address: 00193b18
Registers of Main Processor:
R0:      00000000   R1:      00000001  R2:      00000093
R3:      01da1c40   R4:      8b035ff8  R5:      8f404444
R6:      74fca010   R7:      03a7be70  R8:      00000024
R9:      00000000   R10(sl): 8bffff80  R11(fp): 8bfffee8
R12(ip): 74fc9fec   R13(sp): 8bfffec8  r14:     00193b20
lr:      0050e584   SPSR:    20000010  CPSR:    20000097
The registers of control processor 15:
CR1ARM:  000031FF   CR1XSCALE:  00000000   CR2:     0782c000
CR3:     000000E7   CR4:        Reserved   CR5:     000000f5
CR6:     8F404464   CR7:        N/A        CR8:     N/A
CR9:     00000000   CR10:       N/A        CR11:    Reserve
CR12:    Reserve    CR13:       00000000
Trace Dump:
00193b18 0050e584 00193c08 00193c98 0019c394 0077c980 0077cae8 0077d1ac
0077d020 00081cb4
FP Trace Dump:
00000000 00000000 8bfffee8 8bfffef8 8bffff14 8bffff30 8bffff4c 8bffff7c
8bffffac 8bffffbc
Crash dump, the system will reboot...
Crash dump is done.
sys up far = 8f

Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.

Total physical memory: 128MB
    Test - Pass
    Initialization - Done

Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader

Loading default system image from on-board flash disk...
Done! (size = 15,204,352 bytes)

Image authenticated!

Start loading...
.................................................................
.................................................................
.................................................................

Ajaz Nawaz
JNCIE-SEC#254 CCIE#15721
JNCIA-FWV | JNCIS-FWV
JNCIA-JUNOS | JNCIS-SEC
JNCIP-SEC | JNCIE-SEC
CCNP-Collaboration
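When several units show this symptom, the fields worth comparing across console captures like the one above are the ScreenOS version, boot loader version, exception, uptime at crash, and leading trace frames. The following is an added example, not part of the original post and not Juniper tooling; the function name, the 60-second "early crash" threshold and the signature grouping are assumptions.

```python
import re

# Excerpt of the console capture posted above (lines dropped, values unchanged).
SAMPLE = """\
System up time: 0 hours 0 minutes 11 seconds
Version 6.2.0r7.0
Exception(Data Abort Exception code(1002))
Exception address: 00193b18
Trace Dump:
00193b18 0050e584 00193c08 00193c98 0019c394 0077c980 0077cae8 0077d1ac
0077d020 00081cb4
FP Trace Dump:
Juniper Networks SSG5 Boot Loader Version 1.3.2 (Checksum: A1EAB858)
"""

PATTERNS = {
    "screenos": re.compile(r"^Version (\d+\.\d+\.\d+r\d+\.\d+)", re.M),
    "bootloader": re.compile(r"Boot Loader Version (\d+\.\d+\.\d+)"),
    "exception": re.compile(r"^Exception\((.+?) code\((\d+)\)\)", re.M),
    "address": re.compile(r"^Exception address: ([0-9a-f]{8})", re.M),
    "uptime": re.compile(r"up time: (\d+) hours (\d+) minutes (\d+) seconds"),
    "trace": re.compile(r"^Trace Dump:\n((?:(?:[0-9a-f]{8} ?)+\n)+)", re.M),
}

def parse_crash(capture, early_secs=60):
    """Summarise one crash in a console capture; None if there is no dump."""
    capture = capture.replace("\r\n", "\n")  # serial captures often use CRLF
    m = {name: rx.search(capture) for name, rx in PATTERNS.items()}
    if not (m["exception"] and m["address"]):
        return None
    def first(name):
        return m[name].group(1) if m[name] else None
    uptime = None
    if m["uptime"]:
        h, mins, s = map(int, m["uptime"].groups())
        uptime = h * 3600 + mins * 60 + s
    frames = tuple(first("trace").split()) if m["trace"] else ()
    return {
        "screenos": first("screenos"),
        "bootloader": first("bootloader"),
        "exception": first("exception"),
        "code": int(m["exception"].group(2)),
        "address": first("address"),
        "uptime_s": uptime,
        # A crash seconds after boot, repeated each boot, is the reboot loop.
        "early_crash": uptime is not None and uptime < early_secs,
        # Same image and same leading frames on two units suggest one fault.
        "signature": (first("screenos"), frames[:3]),
    }
```

Run `parse_crash()` over each unit's saved console log and group the results by `signature` and `bootloader` to see whether the failing units share one fault.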
Distinguished Expert
Posts: 4,121
Registered: ‎03-30-2009

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

I believe you will need to interrupt this boot process and do the upgrade or downgrade from the console prompt.

 

The KB5519 describes the process.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV JNCIS-SSL JNCDA
JNCIS-SP
ACE PanOS 6
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Contributor
Posts: 227
Registered: ‎01-12-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Which interface should I connect the tftp server to please? Highest numbered intf?

Is anyone running 6.3 successfully?

You know the thing is, I was under the impression that since this is a security appliance that it was a good idea to upgrade to the latest, or better, recommended version of code.

The code I elected to upgrade to was recommended as per sw download page.

 

thanks for the KB note and I will follow that and let you know what happens.

 

thanks and bye for now

anawaz

Ajaz Nawaz
Contributor
Posts: 227
Registered: ‎01-12-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

anyone....

 

and in terms of 6.3, must I upgrade the bootloader too?

if so - do that before the screenos upgrade or after...

 

plz yo !

Ajaz Nawaz
Contributor
Posts: 227
Registered: ‎01-12-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

KB5519 doesn't describe which interface to connect up to the tftp server...  I assume it's the highes...

 

thanks

anawaz


spuluka wrote:

I believe you will need to interrupt this boot process and do the upgrade or downgrade from the console prompt.

 

The KB5519 describes the process.


 

Ajaz Nawaz
Contributor
Posts: 227
Registered: ‎01-12-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

fixed now...

had to downgrade to 6.0. surely something to do with bootloader version.

 

I guess i need to digest the upgrade notes fully next time.

Ajaz Nawaz
Distinguished Expert
Posts: 4,121
Registered: ‎03-30-2009

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Sorry, been dealing with another situation in real life.

 

Yes, tftp defaults to the lowest numbered interface.

 

The bootloader requirements for each version are listed and that does seem like the most likely issue here.

 

You may also want to take note of the JTAC recommended version kb on the download page.  Currently they still list 6.2 as the recommended production version of screenos.  So unless you need a new feature like the multiple proxy id or local url filtering updates, you might want to stick with 6.2 for now.

 

Review of the bootloader is the same and release notes will still list all the known issues.

Steve Puluka BSEET
Visitor
Posts: 3
Registered: ‎08-14-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

I had the same problem.  I upgraded from 6.1r2 to 6.2r7 (allegedly the recommended one) and now the ssg5 is stuck in some state of bootloading.  I have not had a chance to get a console connected.

 

There was no obvious indication that I needed to upgrade a bootloader.  Also the download site had an odd service message from Feb on it and still does today (Aug 14) that I appended below.

 

Any advice?  My current plan is to get console and tftp working and either upgrade or downgrade.

Incidentally is there some sort of USB or IP-based console by any chance so one doesn't need to futz with various legacy serial connectors?

 

Thanks,

Peter

 

------- note on http://www.juniper.net/customers/support/softserv.jsp -------

 

Important Notice
Juniper Networks performed a CRM system upgrade.

Ending: 21-Feb-2010 at 4pm PST (21-Feb-2010 at 24:00 UTC) 

During this time, and possibly afterwards, briefly, some of our online tools may have limited functionality. 

This page may be used in such case, if normal navigation and/or authentication is not possible to the following platforms:
CTP, DX, WX, JWOS, Application Usage Manager (AUM), EX2500, Juniper Route Insight Manager (JRIM), ScreenOS (including NSM/Global Pro, IDP & NetScreen-Remote), StreamScope eRM, STRM. 

 

Contributor
Posts: 227
Registered: ‎01-12-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Yes - i think I can help.

 

Follow the procedure to upgrade the bootloader to v133. The release notes state v132 or later. Anyway, you can download that under ScreenOS / 6.3 Software. The filename is:

 

Loadssg5ssg20v133.d

 

Remember the bootloader upgrade procedure is slightly diff from changing ScreenOS. Reply back if you are not sure about that.

 

Once you have upgraded the boot code - then load 6.2.0r3.0. The filename is:

 

ssg5ssg20.6.2.0r3.0

 

I've tried all the code starting from the top down. This is the first one that worked. All the others made the baby hit the reload cycle. The good thing is that this takes you to Juniper's recommended version i.e. 6.2, and there are some changes in there that I noticed in the WebUI.

 

hth

anawaz

 

ps. don't hesitate to get back to us if you hit any issues.

Ajaz Nawaz
Visitor
Posts: 3
Registered: ‎08-14-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Thanks.  I will try that. (or perhaps try a 6.3 version).

In case this is useful to someone attached is the crash dump I get off the console.

 

Contributor
Posts: 227
Registered: ‎01-12-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

imo stick to 6.2 as this is recommended, and as you yourself pointed out above :-)

besides, i tried a number of 6.3's and they all crashed.

 

I should however state, my toy is an SSG5 HW revision 710(0)

 

let us know how you get on.

anawaz

Ajaz Nawaz
New User
Posts: 1
Registered: ‎08-16-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Currently I've exactly the same problem with an SSG5 (hw-revision 710). I'm running Loader 1.3.3 and the working releases are 6.2.0r3.0, 6.0.0r1.0 and the 6.1.0r2.0 (pre-installed firmware). All other releases will crash after 11 seconds.

 

 

 

 

New User
Posts: 2
Registered: ‎11-02-2010

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Why do these crash on all but certain versions that "hope" has listed?  I have 16 such SSG-5 and only 2 of them crashed.  Tried even with the latest bootloader.

New User
Posts: 2
Registered: ‎10-04-2011

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

having the same problem here but on an SSG20.

 

I got 2 of them and one of them cannot be upgraded further than 6.2 R4.

 

I tried to upgrade the bootloader from 1.3.2 to 1.3.3 but I got the same problem, the Firewall is non stop rebooting as soon as I got the login prompt :-(

Anyone from Juniper can enlighten us? What should we do since we are several ppl hit by this bug?

 

 

Distinguished Expert
Posts: 858
Registered: ‎11-02-2009

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Hi,

 

I have upgraded dozens of ssg5 and ssg20 boxes to 6.2 and 6.3 and never experienced such a problem. Have you tried to reset them to the factory defaults using the pin-hole reset procedure and re-apply the upgrade?

Kind regards,
Edouard
New User
Posts: 2
Registered: ‎10-04-2011

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Hey there and thanks for your help.

 

Yeah I did that and I can see that some users are experiencing the same issue as me ...

 

Very weird indeed.

 

I've upgraded a ton of SSG too but this unit does not want to be upgraded !

Distinguished Expert
Posts: 858
Registered: ‎11-02-2009

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Hi,

 

Have you checked if there is free space on the flash? A full or corrupted flash disk may also be a problem. You can try to delete several files manually. There are also undocumented commands for the flash test/format. Unfortunately I did not save them. A couple of years ago JTAC helped me to clean up the flash after I had experienced problems with the AV-pattern updates because of a file system corruption.

Kind regards,
Edouard
Contributor
Posts: 11
Registered: ‎10-28-2011

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0


Hi all,

 

I have the exact same problem. Firewall rebooting constantly after applying newer firmware than 2.6.0r3

 

Also having Hardware Version 710(0).

 

I have about 100 SSG5 at our customers, and 4 of those firewalls (so far) have this "reboot error".

Has anyone gotten a solution how to successfully update to a newer firmware?

Or should these firewalls be returned as "defect" ?

 

Thank you in advance

Visitor
Posts: 6
Registered: ‎10-13-2011

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

I would return them as defect.  Given that no solution has been provided, if Juniper gets enough of them back, then maybe support and engineering will talk and figure out the cause and a fix.  It is cheaper for them to get a software fix available than to swap units out.  They just need to get these units back to get that ball rolling though.

Contributor
Posts: 11
Registered: ‎10-28-2011

Re: Need help recover SSG5 after upgrading to ssg5ssg20.6.2.0r7.0

Yeah - I think you're right.

I'll return the devices.

 

Take care.