ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎02-16-2015 02:35 PM

Hi,

 

ISG 1000 got into hung state and required to reboot it. But the firewall is not booting into CLI mode and directly going into firmware boot loader. We tried to load the boot loader which does not help me out. Please help me out how to come out of the firmware boot loader and access the CLI mode.

 

Juniper Networks ISG Series BootROM V1.1.1 (Checksum: 88D32336)
Copyright (c) 1997-2008 Juniper Networks, Inc.

Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

Hit key 'X' and 'A' sequentially to update OS Loader....

Loading OS Loader from on-board flash memory...

### invalid image file ###

Serial Number [0133012009000182]: READ ONLY
BOM Version [E07]: READ ONLY
Self MAC Address [0022-83a4-d980]: READ ONLY
OS Loader File Name [Load1000v103.d]:
Self IP Address [10.20.10.136]:
TFTP IP Address [10.20.10.135]:
Ip Address Mask [255]:
Default Gateway IP [0]:

Loading file "Load1000v103.d"...
rtatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatata
Loaded successfully! (size = 383,429 bytes)

********Invalid DSA signature

********Bogus image - not authenticated


Juniper Networks ISG Series BootROM V1.1.1 (Checksum: 88D32336)
Copyright (c) 1997-2008 Juniper Networks, Inc.

Total physical memory: 2048MB
    Test - Pass
    Initialization................ Done

Hit key 'X' and 'A' sequentially to update OS Loader....

Loading OS Loader from on-board flash memory...

### invalid image file ###

Serial Number [0133012009000182]: READ ONLY
BOM Version [E07]: READ ONLY
Self MAC Address [0022-83a4-d980]: READ ONLY
OS Loader File Name [Load1000v103.d]:

 

 

Regards,

Pradeep

7 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎02-16-2015 02:47 PM

Appears to be an issue with the image authentication key.  Please contact JTAC for assistance.

ScreenOS Firewalls (NOT SRX)

Re: Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎02-17-2015 08:25 AM

Thanks for the support..... Issue got resolved. We uploaded the same version boot loader which was downloaded year back and Firewall has accepted it and for some reason it is not taking the new boot loader of same version downloaded from the site.

ScreenOS Firewalls (NOT SRX)

Re: Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎02-19-2015 04:53 PM

Try the procedure listed here for updating the signing key.

 

http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16495

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
ScreenOS Firewalls (NOT SRX)

Re: Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎02-19-2015 05:11 PM

This is due to the image authentication key.  The firewall had the old signing key loaded, however, all bootloaders and ScreenOS images are now signed with a newer signing key.

ScreenOS Firewalls (NOT SRX)

Re: Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎06-17-2016 07:24 AM

Dear PradeepSK,

 

We have same issue , Could you please share the old boot Loader.

 

Thanks in advance.

 

BR

ScreenOS Firewalls (NOT SRX)

Re: Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎11-30-2018 05:45 AM

Hi,

 

Can you please share the old loader version.I am also facing same issue.

my mail id is viks.rwt111@gmail.com. i urgent

ScreenOS Firewalls (NOT SRX)

Re: Unable to come out of Firmware boot loader in ISG 1000 and unable to access CLI mode

‎12-01-2018 03:30 AM

You don't need old versions of the files for recovery.  All the instructions needed to use the new files are in this kb article.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=TSB16495

 

If you have a device currently booting, you follow the first instructions to upload the new signing key and proceed with the upgrade.

 

If you are getting the bogus image error you follow the instructions near the bottom of the kb article to recover from that message with the new files.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home