Monday, August 30, 2010

How to Upgrade a Juniper HA Netscreen or SSG Firewall

These notes assume that the bootloader is already up to date, and that we're just upgrading the ScreenOS software.


Standalone Firewall
1) Download the latest ScreenOS release and release notes from Juniper support.


2) Back up (save) the config via GUI:
Configuration -> Update -> Config File -> Save to File
or Save Config via CLI: "save config to tftp ?"


3) Configuration -> Update -> Firmware/ScreenOS -> Load File. The Netscreen or SSG will now reboot and come back up at the new version.
-------------------------------------------------------------------


Upgrade HA NSRP Pair - IN ACTIVE/STANDBY Mode
- Upgrade Standby Unit First
- Configuration -> Update -> ScreenOS/Keys -> Firmware (ScreenOS) -> Load File -> Apply

 - This will upload file, apply new image, and reboot. WebUI will time out while device is rebooting. WebUI should refresh back to Netscreen login page after it reboots - may take several minutes (after 5 min or so if it doesn't refresh back to login page, hit the refresh button every 1-2 mins).

 - Log in and confirm Home page shows new version


 - Failover to secondary (On Primary: exec nsrp vsd-group 1 mode ineligible) - you can confirm group 1 is the correct VSD group through Network -> NSRP -> VSD Group

 - Confirm Secondary is Master (from the CLI, the prompt should change from (B) (backup) to (M) (master)).

- Upgrade Primary

- Log in to Primary and confirm home screen shows new version

 - On Primary: exec nsrp sync rto all from peer (syncs objects with secondary)

 - Primary may fail back to master after it upgrades/reboots (if preempt is enabled); if it does not, and secondary is still active after the primary upgrade, manually fail primary back to active/master from secondary by using: exec nsrp vsd-group 1 mode backup
-------------------------------------------------------------------
Upgrade HA NSRP Pair - IN ACTIVE/ACTIVE Mode


Similar to the above note, except:
Fail over master/B (Group # changes):


• If the preempt option is enabled:
exec nsrp vsd-group 1 mode ineligible


• If the preempt option is not enabled:
exec nsrp vsd-group 1 mode backup


Then fail over other device and upgrade.
Followed by SYNC: exec nsrp sync rto all


Note: Use "get nsrp" from the CLI (or viewed through the WebUI) to make sure you're using the correct VSD group in the commands above. Also use "get system" after the upgrade to confirm the upgrade was successful and reflects the new version.
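
Added example (not part of the original notes): a small Python check for the active/standby case that reads a saved CLI capture from each unit and confirms both run the target version and exactly one unit shows the (M) prompt. The hostnames, version strings and capture text are constructed, and the "Software Version:" line layout is an assumption about the "get system" output.

```python
import re

# Constructed sample captures (not real device output). Assumed shape: a
# "Software Version: <ver>," line from "get system" and a hostname(M)-> or
# hostname(B)-> CLI prompt, as the notes above describe.
PRIMARY = """\
fw-a(B)-> get system
Product Name: SSG-140
Software Version: 6.3.0r4.0, Type: Firewall+VPN
fw-a(B)->
"""
SECONDARY = """\
fw-b(M)-> get system
Product Name: SSG-140
Software Version: 6.3.0r4.0, Type: Firewall+VPN
fw-b(M)->
"""

VERSION_RE = re.compile(r"^Software Version:\s*([^,\s]+)", re.MULTILINE)
PROMPT_RE = re.compile(r"^(\S+?)\((M|B)\)->", re.MULTILINE)

def parse_capture(text):
    """Return (hostname, role, version) from one unit's captured session."""
    ver = VERSION_RE.search(text)
    prompts = PROMPT_RE.findall(text)
    if not ver or not prompts:
        raise ValueError("capture lacks a version line or an NSRP prompt")
    host, role = prompts[-1]  # last prompt reflects the current role
    return host, role, ver.group(1)

def check_pair(primary, secondary, target):
    """List problems that should block closing the change; empty means OK."""
    problems = []
    units = [parse_capture(primary), parse_capture(secondary)]
    for host, role, version in units:
        if version != target:
            problems.append(f"{host}: running {version}, expected {target}")
    masters = [host for host, role, _ in units if role == "M"]
    if len(masters) != 1:
        problems.append(f"expected exactly one master, found {masters}")
    return problems

if __name__ == "__main__":
    for line in check_pair(PRIMARY, SECONDARY, "6.3.0r4.0") or ["pair OK"]:
        print(line)
```

A unit left on the old image, or a pair where neither or both units claim master, shows up as an entry in the returned list.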


Also see:  http://kb.juniper.net/index?page=content&id=KB13672&pmv=print
