ScreenOS : Upgrading firmware from CLI

By | November 6, 2012

Juniper ScreenOS for SSG security appliance can be managed either through the Web UI or command line interface (CLI).

Upgrade through the Web interface can be endless and painful. The best way to do it is through the CLI.

To accomplish this task, you’ll need :

SSH or Telnet client
TFTP server

Here is a quick how to do it.

First, you need to get the ScreenOS from Web site, unpack and make it available on a local TFTP server.

1. Connect to your device using the SSH client :

ssh netscreen@<ip_addr>

2. Save your current config (as a policy insurance in case something goes wrong!) :

save config to tftp <ip_addr> <filename.cfg>

3. Download and flash the image on your device :

save soft from tftp <ip_addr> <filename> to flash

[Example :  save software from tftp ssg5ssg20.6.3.0r12.0 to flash]

Or from USB :

save software from usb ssg20.6.3.0r12.0 to flash

4. The image is now uploading and firmware will be flashed automaticaly once complete. You should see the following output :

Load software from TFTP (file: ssg5ssg20.6.3.0r12.0).
tftp received octets = 13353346
tftp success!

TFTP Succeeded
Save to flash. It may take a few minutes …platform = 25, cpu = 12, version = 18
update new flash image (02575760,13353346)
platform = 25, cpu = 12, version = 18
offset = 20, address = 5800000, size = 13353268
date = 1f08, sw_version = 31808000, cksum = 42d91b23
Program flash (13353346 bytes) …
SSG5 ->

5. You may now reboot your appliance to boot into the new ScreenOS version :


Tips & tricks :

To get the current running configuration :

get config

To get the current version informations :

get system

To downgrade to earlier version of ScreenOS :

exec downgrade