Upgrading Firmware of Juniper ISG 1000

To upgrade ScreenOS 5.4.0 R1 to 6.1.0 R5, you need to upgrade the basic NSRP active/passive configuration. Think, D1 is the primary device and D2 is the backup device. To upgrade these two devices in NSRP active/passive configuration, you need to use CLI.

First, upgrade the backup device, i.e. D2, from 10.240.254.39 to 6.1 R5. Follow the below steps to upgrade:

1) First, download the firmware file from the Juniper website and save it on your hard disk.

2) Now, extract the downloaded firmware file, i.e. “nsISG1000.6.1.0r5-cu9.rar” file.

3) Then, open the web browser and log in to the device using Read-Write Privileges.

4) Now, save the existing configuration, i.e. go to “Configuration” and then “Update” and then “Config File”. Then, click on “Save To File” and select the location to save the file and click on Save.

5) Then, go to “Configuration” and then “Update” and then “ScreenOS/Keys” and then click on “Firmware Update”.

6) Click on the Browse and select the location or path of the ScreenOS Firmware file and click on Apply.

7) Then, click on OK when you get the dialog box about the information on the upgrade time.

8 ) The security device will restart automatically. When you get the login page of the security device, then it means that the upgrade is complete.

9) Now, login to the security device and verify the version of the device in the WebUI page.

10) Now, login to the D2 using Telnet or SSH with the Read-Write privileges.

11) Now, save the existing configuration using below command:

save config to {flash | slot1 | tftp}

12) Then, run the TFTP server on the computer.

13) Then, type the below command on the security device and hit Enter:

save soft from tftp <ip_address> <filename> to flash

Where, <filename> is the filename of the ScreenOS 6.1.0 Firmware and <ip_address> is the IP address of your computer.

14) Once the upgrade completes, run the “reset” command and type “Y” when it prompts for confirmation to reset the device.

15) Wait some time and then login to the security device.

16) Now, run the “get system” command to verify the version of the firmware.

17) Now, from the CLI, follow the below steps:

a)      Login to the primary device, i.e. D1

b)      Run any one of the below command:

If the Prompt option is enabled, then run the below command:

exec nsrp vsd-group 0 mode ineligible

If the Prompt option is not enabled, then run the below command:

exec nsrp vsd-group 0 mode backup

Now, upgrade the primary device, i.e. D1 10.240.254.38 from the WebUI:

1) Open the web browser and login to the device.

2) Now, save the existing configuration, i.e. go to “Configuration” and then “Update” and then “Config File”. Then, click on “Save To File” and select the location to save the file and click on Save.

3) Then, go to “Configuration” and then “Update” and then “ScreenOS/Keys” and then click on “Firmware Update”.

4) Click on the Browse and select the location or path of the ScreenOS Firmware file and click on Apply.

5) Then, click on OK when you get the dialog box about the information on the upgrade time.

6) The security device will restart automatically. When you get the login page of the security device, then it means that the upgrade is complete.

7) Now, login to the security device and verify the version of the device in the WebUI page.

8 ) Then, from the CLI, login to the security device, i.e. D1.

9) Now, save the existing configuration using below command:

save config to {flash | slot1 | tftp}

10) Then, run the TFTP server on the computer.

11) Then, type the below command on the security device and hit Enter:

save soft from tftp <ip_address> <filename> to flash

Where, <filename> is the filename of the ScreenOS 6.1.0 Firmware and <ip_address> is the IP address of your computer.

12) Once the upgrade completes, run the “reset” command and type “Y” when it prompts for confirmation to reset the device.

13) Wait some time and then login to the security device.

14) Now, run the “get system” command to verify the version of the firmware.

15) Then, synchronize the primary device, i.e. D1, (CLI Only). Once the upgrade completes, then manually synchronize both the devices.

NOTE: Now, your primary device is D2 and backup is D1.

16) On the D1, run the below command from the peer CLI to synchronize the RTOs from the D2:

exec nsrp sync rto all from peer

17) Now, from the CLI, login to the D2 (primary device).

18) If the “Preempt” option is enabled on the D1, then no need to do anything. The upgrade is completed.

If the “Preempt” option is not enabled on the D1, then run the below command:

exec nsrp vsd-group 0 mode backup