Juniper SSG5: Upgrading ScreenOS from the Boot Loader




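Before reading further, please read the following link first; it is very important.

(For when the OS cannot boot into the system)
The environment required to upgrade ScreenOS from the Juniper SSG5 boot loader is as follows:
The downloaded new-version boot loader ssg5ssg20.6.3.0r23
PC: start the tftpd64 TFTP server (a portable, no-install version is on the CD). Its default root directory is D:\TFTP, and ssg5ssg20.6.3.0r23 must be placed in that directory first. The PC's IP address is 192.168.1.11 (it must be a static IP, because the SSG5's DHCP does not assign addresses while ScreenOS is being upgraded from the boot loader).
Then connect to the SSG5 console port with HyperTerminal.
If you do not know how to connect to the console, see the following link: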


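The whole upgrade process is demonstrated below. This is what HyperTerminal displays after connecting and logging in on the console port:
login: netscreen                        Log in to the SSG5
password:
ssg5-serial-> delete crypto auth-key       Delete the image key
ssg5-serial-> save image-key tftp 192.168.1.11 imagekey.cer  Load the image key for the version being installed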
Load file  from TFTP 192.168.1.11 (file: imagekey.cer).
!!!!!
tftp received octets = 863
tftp success!
Done
TFTP Succeeded
ssg5-serial->
ssg5-serial-> reset                Reboot; during boot, press a key to enter boot loader mode
System reset, are you sure? y/[n] y
In reset ...

Juniper Networks SSG5 Boot Loader Version 1.3.3 (Checksum: A1EAB858)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 128MB
    Test - Pass
    Initialization - Done

Hit any key to run loader
Hit any key to run loader          Remember to press a key...

Serial Number [0162112011005923]: READ ONLY
HW Version Number [0710]: READ ONLY
Self MAC Address [78fe-3d95-7e80]: READ ONLY
Boot File Name [screenos_image]: ssg5ssg20.6.3.0r23      Enter the new file name
Self IP Address [192.168.2.27]: 192.168.1.7  Enter the SSG5 IP address; it must avoid the address 192.168.1.1
TFTP IP Address [192.168.2.100]: 192.168.1.11      Enter the TFTP server IP address
Loading file "ssg5ssg20.6.3.0r23"...
rtatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat                                                                               
atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat                                                                               
……
atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatat                                                                               
atatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatatata 
Loaded Successfully!
Image authentication!
Save to on-board flash disk? (y/[n]/m) Yes!      Be sure to press Y
Run downloaded system image? ([y]/n) Yes!       Be sure to press Y
Start loading...
.................................................................
.................................................................
.................................................................
......
Done.
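All done!!

The steps above are the standard procedure.

When updating ScreenOS on a Juniper SSG5 firewall, we usually run into one of the following two situations:
1. The upgrade or downgrade spans the version ranges covered by the new and old image keys
If the ScreenOS versions you are upgrading or downgrading between span the ranges covered by the new and old image keys, you must use the standard procedure. For example, upgrading from ssg5ssg20.6.0.0r1.0 to ssg5ssg20.6.3.0r22.0, or downgrading from ssg5ssg20.6.3.0r23 to ssg5ssg20.6.3.0r5.0, must both follow the standard procedure.

2. The upgrade or downgrade stays within the version range covered by a single image key (new or old)
If the ScreenOS versions you are upgrading or downgrading between all fall within the range covered by the new image key (6.3.0r19 and later), you can skip the steps that remove and load the image key and simply run the save software from tftp 192.168.1.11 ssg5ssg20.6.3.0r22.0 to flash and reset commands. For example, if you are running ScreenOS ssg5ssg20.6.3.0r21.0, you can move freely up or down from the CLI to ssg5ssg20.6.3.0r24, ssg5ssg20.6.3.0r23, ssg5ssg20.6.3.0r22.0, ssg5ssg20.6.3.0r20.0, ssg5ssg20.6.3.0r19.0 and so on, without running the steps that remove and load the image key.
By the same reasoning, if the ScreenOS versions you are upgrading or downgrading between all fall within the range covered by the old image key (6.3.0r18 and earlier), the steps are the same.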
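
The two cases above can be checked before touching the firewall. The following Python sketch is an added example, not code from the original post or from Juniper: the function names are hypothetical, while the 6.3.0r19 key boundary, the CLI commands, the TFTP address and the imagekey.cer file name are the ones given in the text.

```python
import re

# Boundary stated in the text: the new image key covers 6.3.0r19 and later,
# the old image key covers 6.3.0r18 and earlier.
NEW_KEY_FROM = (6, 3, 0, 19)

# Image names in the text look like ssg5ssg20.6.3.0r23 or ssg5ssg20.6.3.0r22.0
_NAME = re.compile(r"^ssg5ssg20\.(\d+)\.(\d+)\.(\d+)r(\d+)(?:\.\d+)?$")

def parse_version(image_name):
    """Return (major, minor, maintenance, release) from an image file name."""
    m = _NAME.match(image_name.strip())
    if not m:
        raise ValueError(f"unrecognised image name: {image_name!r}")
    return tuple(int(g) for g in m.groups())

def key_era(image_name):
    """Return 'new' or 'old' depending on which image key covers the image."""
    return "new" if parse_version(image_name) >= NEW_KEY_FROM else "old"

def crosses_key_boundary(running, target):
    """True when running and target images are covered by different keys."""
    return key_era(running) != key_era(target)

def plan(running, target, tftp_ip="192.168.1.11", key_file="imagekey.cer"):
    """List the steps the text prescribes for this version change."""
    if crosses_key_boundary(running, target):
        # Standard procedure: replace the image key (key_file must be the key
        # that matches the target image), then load from the boot loader.
        return [
            "delete crypto auth-key",
            f"save image-key tftp {tftp_ip} {key_file}",
            "reset",
            f"(boot loader) Boot File Name: {target}",
        ]
    # Same key range: the image-key steps are skipped.
    return [f"save software from tftp {tftp_ip} {target} to flash", "reset"]

if __name__ == "__main__":
    for cur, new in [("ssg5ssg20.6.0.0r1.0", "ssg5ssg20.6.3.0r22.0"),
                     ("ssg5ssg20.6.3.0r21.0", "ssg5ssg20.6.3.0r24")]:
        print(cur, "->", new)
        for step in plan(cur, new):
            print("   ", step)
```
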

 


[ScreenOS] Unable to TFTP > 32 MB Data

Summary:
Trying to send session table to tftp server, and it transfers up to 32 MB, then times out
Solution:
There is a limit to the maximum size of data that can be transferred via TFTP. An enhancement was made to the bootloaders that will allow you to TFTP > 32 MB data. The bootloaders capable of this include the following:
Platform        Bootloader Version
SSG-5/20        1.3.2 (included with upgrade to ScreenOS 6.1.0)
SSG-140         3.2.4
SSG-320/350     3.0.6
SSG-520/550     1.0.5
NS-ISG-1000     1.0.2 (both IDP and non-IDP versions)
NS-ISG-2000     1.1.6 (both IDP and non-IDP versions)
NS-5000         1.0.3 (includes 5200/5400, M2A/M3A)

Note: There is no upper limit to the size of the TFTP transfer when upgrading to the bootloader versions specified above.
Firewall devices running bootloader versions below the above have a maximum capacity of 32 MB for TFTP transfers.

Note: Installation from the loader-over-TFTP method does not work reliably over slow speeds or large latency networks.


