Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  SSG ScreenOs Upgrades

    Posted 03-15-2016 05:03

    I have some SSG5, 20 & 140 firewalls to upgrade, all are currently running 6.2.0r5.0 & i am looking to go to version 6.3.0r21.0.

    To my knowledge, none of the existing firewalls currently have a boot loader (looking at the output from ("get sys").

     

    1. So, should i install the relevant version boot loader as part of the upgrade?

    2. I have downloaded a document with the upgrade process & it looks straight forward, is there any thing else i need to consider as part of the upgrade i.e. licensing/certificates or any other known gotcha's?

     

    thanks

    Colin



  • 2.  RE: SSG ScreenOs Upgrades

    Posted 03-15-2016 09:34

    I would recommend disabling DHCP server before upgrading, then reenable it after the upgrade.  You do not need to upgrade the bootloaders on SSG devices, and should be able to upgrade directly to 6.3r21.  Licenses are the same for both versions of code.



  • 3.  RE: SSG ScreenOs Upgrades
    Best Answer

     
    Posted 03-15-2016 18:38

    Hi Colin,

     

    6.2r5 and 6.3r21 are signed with different image signing keys. So, you will have to either update or delete the key before upgrading to r21.

     

    Details here:

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=TSB16495

    https://kb.juniper.net/InfoCenter/index?page=content&id=TSB16496