Junos
Junos

Junos Firmware 15x49.1 D150 vs 18.3

‎10-23-2018 07:06 AM

I have several SRX300s I need to upgrade the firmware on.  I found the Junos 15.1x49 D150 firmware is the recommended version and I was able to upgrade to that on devices that had an older version of that type of firmware but some of our devices have the alternate 17.3 Junos version and I was not able to sucessfully upgrade the firmware to the 15.1x49 recommended version on those devices.  So I have a few quetions I need help with at this point:

 

1) Do I want to be using 18.3 or 15.1x49 D150?

 

2) How do I upgrade from 17.3 to 15.1x49 D150?

 

2) Why are there two paralell versions of Junos firmware for the SRX300 in the first place?

6 REPLIES 6
Junos

Re: Junos Firmware 15x49.1 D150 vs 18.3

[ Edited ]
‎10-23-2018 03:20 PM

Hello.

 

Welcome to J-Net forums. Let me start from the last question.

 


it@gicw.org wrote:

2) Why are there two paralell versions of Junos firmware for the SRX300 in the first place?


 

The base (mainline) Junos OS release cadence doesn't allow to release new features as quickly as it was needed for security devices. There was created special release security devices (X release e.g. 15.1X49 for SRX300) to introduce new features with faster cadence. The X release for SRX300 should cease to exist in long term (subject to change) when mainline Junos version (latest 18.3 as of now) will have feature parity with 15.1X49 release.  You can read more at  PSN-2013-01-818 (CSC login required).

 


it@gicw.org wrote:

2) How do I upgrade from 17.3 to 15.1x49 D150?

 

 You would basically downgrade Junos OS.  Upgrade/downgrade paths are described in Junos relases notes - e.g. see this section in 15.1x49-D150 release notes :

 


Support for upgrades and downgrades that span more than three Junos OS releases at a time is not provided, except for releases that are designated as Extended End-of-Life (EEOL) releases. EEOL releases provide direct upgrade and downgrade paths—you can upgrade directly from one EEOL release to the next EEOL release even though EEOL releases generally occur in increments beyond three releases.

 

You can downgrade directly from Junos 17.3 to 15.1X49 release based on those release notes.

 

You will use Junos CLI command below for adding new software (or use web GUI J-Web for the same):

 

srx > request system software add <path-to-OS-image>

 

Bear in mind there could be changes in behavior and syntax between Junos releases. Read through release notes and consult with JTAC if needed.

 


it@gicw.org wrote:

1) Do I want to be using 18.3 or 15.1x49 D150?



 

This depends on the features you would like to use. The 18.3 has some extra features - if you do not need them I'd suggest to stick to JTAC recommended 15.1X49 version for now.

 

You can compare features in both releases using  Compare softwares releases section in Feature Explorer (link compares 15.1X49-D150 vs 18.2R1 - 18.3R1 is not loaded to tool yet).

 

Regards
Luděk Matoušek
JNCIS-ENT, JNCIS-SP, JNCIP-SEC, JNCIA-DevOps
Junos

Re: Junos Firmware 15x49.1 D150 vs 18.3

[ Edited ]
‎01-30-2019 08:22 AM

Dear Ludek! I have the same question, but I need to downgrade from 18.1R1.9 to recommended 15.1X49-D150.

RE-SRXSME-SRX550 upgraded to HM (4GB RAM, 8GB SD).

But after upgrade to 18.1 J-Web doesn't work, the it seems that some J-Web site files are missing. Everything is working, except of J-Web. Our supplier upgraded to HM as well as to 18.1, I don't know what went wrong..

15.1X49-D150 is not E-EOL release and there are more then 3 releases between 18.1 and 15.1X49.

 

Which is the most optimal way to downgrade? Thank you!

 

P.S. Concerning the J-Web problem we have an error in JunOS Web-server logs as well is in browser debugger:

httpd: 2: GET /login.php?code=404&ruri=/installed_plugins/rbacProvider/nls/msgs.properties HTTP/1.1
httpd: 0: GET IFNAME WORKED ge-0/0/0.0
httpd: 2: CreateMGD: sendmsg to gk for url /login.php
httpd: 2: requestCompleted : Closing gk fd 15 for URL /login.php
httpd: 2: GET /installed_plugins/rbacProvider/nls/msgs_ru.properties?_=1533717924764 HTTP/1.1
httpd: 2: reportFailure: uri /installed_plugins/rbacProvider/nls/msgs_ru.properties with query string /installed_plugins/rbacProvider/nls/msgs_ru.properties&_=1533717924764
httpd: 2: Error: "Not Found", code 404 for URI "/installed_plugins/rbacProvider/nls/msgs_ru.properties", file "/html/installed_plugins/rbacProvider/nls/msgs_ru.properties": Can't open document: /html/installed_plugins/rbacProvider/nls/msgs_ru.properties.

 

File "/installed_plugins/rbacProvider/nls/msgs_ru.properties" is really missing in JunOS filesystem

Junos

Re: Junos Firmware 15x49.1 D150 vs 18.3

[ Edited ]
‎02-02-2019 04:00 AM

Dear KTK.

 

The supported Junos versions for SRX550 HM on software download page shows 15.1X49, 17.3, 17.4, 18.1 between installed version and recommended version. See on link below.

https://support.juniper.net/support/downloads/

 

The recommended downgrade path from 18.1R1.9 to 15.1X49-D150 should be two step process - from 18.1R1 to 17.3 and then to 15.1X49-D150 - in my humble opinion. The 18.1R1.9 is three releases away from 15.1X49-D150 and recommended is to upgrade/downgrade maximum two releases (doesn't apply to EEOL). See statement from Junos 18.1 for SRX release notes:

 


You can upgrade or downgrade to the EEOL release that occurs directly before or after the currently installed EEOL release, or to two EEOL releases before or after. For example, Junos OS Releases 12.3X48, 15.1X49, 17.3, and 17.4 are EEOL releases. You can upgrade from Junos OS Release 15.1X49 to Release 17.3 or from Junos OS Release 15.1X49 to Release 17.4.

 

Please read carefully release notes for 18.1, 17.4 and 17.3 and look for changes of behavior and syntax to prevent unwanted issues. Consult your Juniper SE  or JTAC when in doubts. Do the configuration backup as well.

 


@KTK wrote:

But after upgrade to 18.1 J-Web doesn't work, the it seems that some J-Web site files are missing. Everything is working, except of J-Web. Our supplier upgraded to HM as well as to 18.1, I don't know what went wrong..

 

P.S. Concerning the J-Web problem we have an error in JunOS Web-server logs as well is in browser debugger:

httpd: 2: GET /login.php?code=404&ruri=/installed_plugins/rbacProvider/nls/msgs.properties HTTP/1.1
httpd: 0: GET IFNAME WORKED ge-0/0/0.0
httpd: 2: CreateMGD: sendmsg to gk for url /login.php
httpd: 2: requestCompleted : Closing gk fd 15 for URL /login.php
httpd: 2: GET /installed_plugins/rbacProvider/nls/msgs_ru.properties?_=1533717924764 HTTP/1.1
httpd: 2: reportFailure: uri /installed_plugins/rbacProvider/nls/msgs_ru.properties with query string /installed_plugins/rbacProvider/nls/msgs_ru.properties&_=1533717924764
httpd: 2: Error: "Not Found", code 404 for URI "/installed_plugins/rbacProvider/nls/msgs_ru.properties", file "/html/installed_plugins/rbacProvider/nls/msgs_ru.properties": Can't open document: /html/installed_plugins/rbacProvider/nls/msgs_ru.properties.

 

File "/installed_plugins/rbacProvider/nls/msgs_ru.properties" is really missing in JunOS filesystem


 

Sorry to hear that. Looks like your installation might be corrupted.  You can try to reinstall Junos 18.1R1.9 as first step (copying the file from other unit with same Junos version might do the trick as well).  Note: URL path to missing file is relative to HTTP daemon root document directory.

 

Hope this helps. Let us know how it went with J-web and OS downgrade. It will help others in future.

 

Have a nice day.

 

Regards
Luděk Matoušek
JNCIS-ENT, JNCIS-SP, JNCIP-SEC, JNCIA-DevOps
Junos

Re: Junos Firmware 15x49.1 D150 vs 18.3

‎02-03-2019 03:45 AM

Hi.

 

Just for the record - the HTML deamon (httpd) files are located on following paths (at least on vSRX 3.0 with Junos 18.4R1):

- config file: /jail/var/etc/httpd.conf

- document root folder is:  /jail/html/

 

 

Regards
Luděk Matoušek
JNCIS-ENT, JNCIS-SP, JNCIP-SEC, JNCIA-DevOps
Junos

Re: Junos Firmware 15x49.1 D150 vs 18.3

‎02-05-2019 04:42 AM

Dear Ludek, thank you very much for your reply! Unfortunately I skipped your reply.

Anyway, I successfully upgraded directly from 18.1 to 15.1x49-D150 in one step.

First I've made a backup of 18.1 to USB.

 

Then there was a problem with config validation, because of new "category" option in "edit security utm...":

Validating against /config/juniper.conf.gz
/config/juniper.conf:210Smiley Sad32) syntax error at 'category'
[edit security utm feature-profile web-filtering juniper-local profile localprofile1]
'category {'
syntax error
/config/juniper.conf:214Smiley Sad25) error recovery ignores input until this point at '}'
[edit security utm feature-profile web-filtering juniper-local profile localprofile1]
'}'
error recovery ignores input until this point
Validation failed

 

I've deleted this string from config, everything is working without it Smiley Happy

 

And finally I've got 15x49D150 in SRX-550HM, but there is another problem, I shall describe it in the next message

Junos

Re: Junos Firmware 15x49.1 D150 vs 18.3

[ Edited ]
‎02-05-2019 05:25 AM

Everithing seemes to be working as for the main functions of JunOS and SRX, I didn't checked everything in 15.1X49D150.

I have one step forward in J-Web. After login page I see webpage and menus, but everything is broken.

By the way I have a SRX300 with initial JunOS 15.1X49D45 2016 and everything is perfect with JunOS there.

 

As for JunOS 15.1X49D150 in SRX550HM, I opened the HTTPD log and saw:

httpd: 2: Error: "Not Found", code 404 for URI "/extjs/resources/ext-theme-classic/ext-theme-classic-all.css", file "/html/extjs/resources/ext-theme-classic/ext-theme-classic-all.css": Can't open document: /html/extjs/resources/ext-theme-classic/ext-theme-classic-all.css.

 

Browser debugger said that no ext-theme-classic-all.css loaded.

I opened J-Web for SRX300 with JunOS 15.1X49D45 2016, there are no errors with CSS, by the way there are two CSS: for classic theme and for j-web theme. SRX300 is the NG SRX and J-web theme is loaded, as well as classic is available for browser too.

 

Then I've found that php-scripts (index.php and login.php in the root) contain  /html/extjs/resources/ext-theme-classic/ path to load ext-theme-classic-all.css, but there is no any CSS there,  the both CSS (for classic and for j-web are located in /jail/html/extjs/resources/ext-theme-jweb folder!

 

here is an index.php:

........

if(check_model('MODEL_NGSRX')) {
print <<<EOF
<script type="text/javascript" src="/javascript/ext-jnpr-slipstream.js?$urlArgs"></script>
<link rel="stylesheet" type="text/css" href="/extjs/resources/ext-theme-jweb/ext-theme-jweb-all.css"/>
<link rel="stylesheet" type="text/css" href="/extjs/resources/css/ext-all.css"/>
<link rel="stylesheet" type="text/css" href="/stylesheet/ext-jnpr-slipstream.css"/>
EOF;
} else {
print <<<EOF
<link rel="stylesheet" type="text/css" href="/extjs/resources/ext-theme-classic/ext-theme-classic-all.css"/>
EOF;

......

550 is not NG SRX, so  the browser was redirected to load extjs/resources/ext-theme-classic/ext-theme-classic-all.css,

but there is no ext-theme-classic-all.css in extjs/resources/ext-theme-classic/. ext-theme-classic-all.css is located in /jail/html/extjs/resources/ext-theme-jweb folder!

 

I tried to put this CSS to extjs/resources/ext-theme-classic folder, but I've got a message:

--- JUNOS 15.1X49-D150.2 built 2018-09-19 17:44:55 UTC
$ su root
Password:
root@juno% cp /jail/html/extjs/resources/ext-theme-jweb/ext-theme-classic-all.css /jail/html/extjs/resources/ext-theme-classic/
cp: /jail/html/extjs/resources/ext-theme-classic/ext-theme-classic-all.css: Read-only file system

 

As for 15.1X49D45 in SRX300, both CSS are in /jail/html/extjs/resources/ext-theme-jweb/ as well as in D150, but there is no redirect to classic css:

if(check_model('MODEL_NGSRX')) {
print <<<EOF
<link rel="stylesheet" type="text/css" href="/extjs/resources/css/ext-all.css"/>
EOF;
}
print <<<EOF
<link rel="stylesheet" type="text/css" href="/stylesheet/ext-jnpr.css"/>

 

There are some screens attached.

Attachments