ScreenOS : Upgrading firmware from CLI

By | November 6, 2012

Juniper ScreenOS for SSG security appliance can be managed either through the Web UI or command line interface (CLI).

Upgrade through the Web interface can be endless and painful. The best way to do it is through the CLI.

To accomplish this task, you’ll need :

SSH or Telnet client
TFTP server

Here is a quick how to do it.

First, you need to get the ScreenOS from juniper.net Web site, unpack and make it available on a local TFTP server.

1. Connect to your device using the SSH client :

2. Save your current config (as a policy insurance in case something goes wrong!) :

3. Download and flash the image on your device :

[Example :  save software from tftp 192.168.1.1 ssg5ssg20.6.3.0r12.0 to flash]

Or from USB :

4. The image is now uploading and firmware will be flashed automaticaly once complete. You should see the following output :

Load software from TFTP 0.0.0.0 (file: ssg5ssg20.6.3.0r12.0).
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
tftp received octets = 13353346
tftp success!

TFTP Succeeded
Save to flash. It may take a few minutes …platform = 25, cpu = 12, version = 18
update new flash image (02575760,13353346)
platform = 25, cpu = 12, version = 18
offset = 20, address = 5800000, size = 13353268
date = 1f08, sw_version = 31808000, cksum = 42d91b23
Program flash (13353346 bytes) …
+++++++++++++++++++++++++++++++++++++++++++++++++++++done
Done
SSG5 ->

5. You may now reboot your appliance to boot into the new ScreenOS version :

Tips & tricks :

To get the current running configuration :

To get the current version informations :

To downgrade to earlier version of ScreenOS :