Screen OS

Hi Juniper, I have to ask you again another question....

I performed below steps in the NS-25.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

1.

ns25-> exec pki test skey
exec pki test <skey>.
Flash base = 0xf8000000, Flash end = 0x780000, sector size= 0x20000

KEY1 0xf8760404 len =0
0000000000000000000000000000000000000000000000000000000000000000000000000000000000 magic1 = f7e9294b magic2=0

KEY2 0xf8740804 len =0
0000000000000000000000000000000000000000000000000000000000000000000000000000000000 magic1 = f7e9294b magic2=0

KEY3 0xf8721004 len =0
0000000000000000000000000000000000000000000000000000000000000000000000000000000000 magic1 = f7e9294b magic2=0

2.

ns25-> save image-key tftp
ns25-> save image-key tftp 192.168.10.100 imagekey.cer
Load file from TFTP 192.168.10.100 (file: imagekey.cer).
!!!!!

AFTER THAT,

3.

ns25-> exec pki test skey
exec pki test <skey>.
Flash base = 0xf8000000, Flash end = 0x780000, sector size= 0x20000

KEY1 0xf8760404 len =433
308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0

KEY2 0xf8740804 len =433
308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0

KEY3 0xf8721004 len =433
308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0

4.

ns25-> save software from tftp 192.168.10.100 ns50ns25.5.2.0r3a.0 to flash
Load software from TFTP 192.168.10.100 (file: ns50ns25.5.2.0r3a.0).
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

tftp received octets = 4456448
tftp success!

TFTP Succeeded
Save to flash. It may take a few minutes ... update new flash image (06b16b60,4456448)
platform = 14, cpu = 10, version = 18
offset = 20, address = 3060000, size = 4445932
date = 1176, sw_version = 402af108, cksum = 83932e38
********Invalid DSA key!!!
********Invalid image!!!
********Bogus image - not authenticated!!!

 -----------------------------------------------------------------------------------------------------------------------------------------------------------------

And I turn off the devce and turn on again.

But below sentence appeared..

NetScreen NS-25/50 Boot Loader Version 3.0.0 (Checksum: D1C6421F)
Copyright (c) 1997-2003 NetScreen Technologies, Inc.

Total physical memory: 128MB
Test - Pass
Initialization - Done

Model Number: NS-25

Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader

Loading default system image from on-board flash disk...

********Invalid DSA signature

********Bogus image - not authenticated

Serial Number [xxxxxxxxxxxxxxx]: READ ONLY
HW Version Number [4010]: READ ONLY
Self MAC Address [0014-f643-2790]: READ ONLY
Boot File Name [ ns50ns25.5.2.0r3a.0]:

NetScreen NS-25/50 Boot Loader Version 3.0.0 (Checksum: D1C6421F)
Copyright (c) 1997-2003 NetScreen Technologies, Inc.

Total physical memory: 128MB
Test - Pass
Initialization - Done

Model Number: NS-25

Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader

Loading default system image from on-board flash disk...

********Invalid DSA signature

********Bogus image - not authenticated

Serial Number [0096062006000556]: READ ONLY
HW Version Number [4010]: READ ONLY
Self MAC Address [0014-f643-2790]: READ ONLY
Boot File Name [ ns50ns25.5.2.0r3a.0]:
Self IP Address [192.168.10.101]:
TFTP IP Address [192.168.10.100]:

Save loader config (56 bytes)... Done

### Time out, PHY link down ###
Please make sure cable is connected properly - hit any key to continue...

### Time out, PHY link down ###
Please make sure cable is connected properly - hit any key to continue...

### Time out, PHY link down ###
Please make sure cable is connected properly - hit any key to continue...

### Time out, PHY link down ###
Please make sure cable is connected properly - hit any key to continue...

### Time out, PHY link down ###
Please make sure cable is connected properly - hit any key to continue...

No matter how I click anything button, continuously appear "### Time out, PHY link down ###" contents...

I think that imagekey.cer is invalid thing...

Hmmm,, how to delete its certificate?

Regards,

Hi,

You have some old image key on your system that needs to be updated to a new one the url below give you some hints howto resolve this.

http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16495

http://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/SSG5-Invalid-DSA-signature-when-installing-firmware/td-p/260219

Hope this helps a bit

To. marcTB

I already its imagekey...ㅠㅠ

How can I do to fix it..

Time out, PHY link down means that the interface the device uses to reach the TFTP server is physically down.  On the NS-25, it will use eth0/0.

The new image authentication key is only for ScreenOS 6.2 and 6.3.  The NS-25 image is an older image and is not signed by the new key.  You will need to open a JTAC case to see if you can recover the device.

To. rseibert

Thank you so much..!

However, I don't know your meaning ; JTAC case?? 

what is meaning?...

Open a support case.

You can open a Juniper TAC case at the below url

https://casemanager.juniper.net/casemanager/#/create

I tried to fill out the contens.

But is there a stange situation ; plz see the photo.

No choice content is in the Associated Account even though I filled out the above..

First you need to login with your account, also you need to have an active support contract on the device(s)