Key steps:
. Back up and restore the configuration file and ISO
. Upgrade to the new version of the boot loader and ISO
Back up and restore the configuration file and ISO
For the backup and restore part, I am reprinting a detailed write-up found online for everyone to keep as a reference, so I won't go on about it here.
To prevent network interruption when a Juniper firewall fails and to keep users' business running without interruption, the following describes how to quickly recover a Juniper firewall in each failure case.
First, device reboot:
If the Juniper firewall behaves abnormally during operation and the system needs to be reset, connect with the console cable and use the reset command to restart the firewall. During the restart, the firewall's boot information is shown on the terminal.
Second, operating system backup:
The firewall operating system, ScreenOS, can be backed up to a local device during routine maintenance by starting the TFTP server and executing at the command line: save software from flash to tftp x.x.x.x filename
Third, operating system recovery:
When the firewall is not working correctly, there are two ways to quickly restore its operating system. From the command line: save software from tftp x.x.x.x filename to flash. Or via the Web: Configuration > Update > ScreenOS/Keys, select the Firmware Update (ScreenOS) option, select the local ScreenOS file in the Load File field, and then click the Apply button. The firewall restarts automatically after the ScreenOS file is uploaded.
Fourth, configuration file backup:
During routine maintenance, you can back up the firewall configuration locally so that it can be restored after a failure. There are three ways to do this:
1. Start the TFTP server and execute at the command line: save config from flash to tftp x.x.x.x filename
2. Connect to the firewall remotely over Telnet/SSH with HyperTerminal and use the terminal's logging function to record the output of get config locally.
3. Back up the configuration file via the Web page: Configuration > Update > Config File, click Save to File
Fifth, configuration file recovery:
If the firewall's current configuration contains an error and needs to be restored quickly, there are three ways to do this:
1. Start the TFTP server and execute at the command line: save config from tftp x.x.x.x filename to flash. After the configuration file is uploaded, run the reset command to restart.
2. Restore the configuration file via the Web page: Configuration > Update > Config File, select Replace Current Configuration and choose the backup configuration file on the local device. After you click Apply, the system reboots so that the new configuration takes effect.
3. Connect to the firewall remotely over Telnet/SSH with HyperTerminal, clear the firewall configuration with the unset all command, and restart. After the restart, paste the backed-up configuration commands into the firewall.
Sixth, restoring factory defaults:
Connect the console cable to the firewall, restart the firewall with the reset command, and log in using the firewall's 16-digit serial number as both the account and the password. This quickly restores the firewall configuration to the factory defaults.
Seventh, handling hardware failure:
When a firewall fails and configuration and ScreenOS software faults have been ruled out, you can switch to the standby device through NSRP to restore network operation, and then locate the hardware fault. There are two ways to switch:
1. Unplug the upstream and downstream network cables of the primary firewall (the HA connection of the device needs to be unplugged only if the device is powered off); the firewalls then fail over from primary to standby automatically.
2. Or execute on the primary device: exec nsrp vsd-group id 0 mode backup, to switch the primary firewall manually.
Eighth, equipment repair (RMA):
If Juniper confirms a hardware failure of the firewall, contact the equipment agent promptly. The equipment agent will carry out an RMA (equipment repair) for damaged parts or equipment that are within the warranty period, following the repair process.
Upgrade to the new version of the boot loader and ISO
First connect to the SSG140 through the console, upgrade the boot loader, and then upgrade the ISO.
Login: ys_admin
Password:
SSG140-JL-CNC-> reset
System reset, are you sure? y/[n] y
In reset ...
Juniper Networks SSG-140 Boot Loader Version 3.2.3 (Checksum: ECD688CB)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 512MB
Test - Pass
Initialization - Done
Hit any key to run loader
Hit any key to run loader
Tip: when the "Hit any key to run loader" prompt above appears, quickly press any key, but do not press Enter, because the settings that follow would then accept their defaults and move on to the next one. If you get a step wrong, use the keyboard arrow keys to go back.
Serial Number [0185082008002503]: READ ONLY
HW Version Number [1010]: READ ONLY
Self MAC Address [0021-5924-5d80]: READ ONLY
Boot File Name [ssg140.5.4.0r11.0.bak]: -    (enter the file name of the SSG140 boot loader update)
Self IP Address [10.10.10.18]: 122.141.26.196    (enter the SSG140's own IP address)
TFTP IP Address [10.10.10.254]: 122.141.26.25    (enter the IP address of the TFTP server)
Save loader config (56 bytes)... Done
The configured TFTP server is connected to port 1
Loading file "-"...
r
Receiving data block ...
#448
Loaded Successfully! (size = 233,074 bytes)
Ignore image authentication!
Save to on-board flash disk? (y/[n]/m) Yes!
Saving system image to on-board flash disk...
Done! (size = 233,074 bytes)
Run downloaded system image? ([y]/n) Yes!
Start loading...
............
Done.
******************************************************************
* =======================================================
* (c) 1997-2006 Juniper Networks, Inc. *
* All Rights Reserved *
* *
* ---------------------------------------------- *
* SSG140 Boot Loader Version: 3.2.5 *
* Compile Date: Apr 10 2009; Time: 18:38:16 *
* *
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* ! ! *
* ! Please don't power off during update. ! *
* ! Otherwise, the system can not boot again. ! *
* ! ! *
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
* *
* *** DON'T POWER OFF DURING BOOT LOADER UPDATE *** *
* *** DON'T POWER OFF DURING BOOT LOADER UPDATE *** *
* *** DON'T POWER OFF DURING BOOT LOADER UPDATE *** *
* *
******************************************************************
Check on-board Boot Loader... Update needed!
Are you sure you want to update Boot Loader? (y/n) y
Read product information of on-board boot flash device:
Manufacturer ID = 01
Device ID = 4f
Boot flash device is Am29LV040B
Erase on-board boot flash device................. Done
Update Boot Loader.................................................. Done
Verify Boot Loader... Done
Boot Loader has been updated successfully!
Please hit any key to reboot the system...
Juniper Networks SSG-140 Boot Loader Version 3.2.5 (Checksum: E0C51885)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 512MB
Test - Pass
Initialization - Done
Hit any key to run loader
After the restart, press any key at the prompt above to update the SSG140 ISO.
Serial Number [0185082008002503]: READ ONLY
HW Version Number [1010]: READ ONLY
Self MAC Address [0021-5924-5d80]: READ ONLY
Boot File Name [-]: ssg140.6.2.0r3.0    (enter the file name of the SSG140 ISO update)
Self IP Address [122.141.26.196]:
TFTP IP Address [122.141.26.251]:    (just press Enter; the loader remembers the previous value)
IP MASK [255.255.255.0]: 255.255.255.192    (enter the subnet mask)
GW IP Address [122.141.26.251]: 122.141.26.193    (enter the gateway)
Save loader config (108 bytes)... Done
The configured TFTP server is connected to port 1
Loading file "ssg140.6.2.0r3.0"...
r    (the import takes a few minutes)
Receiving data block ...
#23280
Loaded Successfully! (size = 11,926,107 bytes)
Ignore image authentication!
Save to on-board flash disk? (y/[n]/m) Yes!
Saving system image to on-board flash disk...
Done! (size = 11,926,107 bytes)
Run downloaded system image? ([y]/n) Yes!
Start loading...
..................................................................
Done.
Juniper Networks, Inc
Security Services Gateway System Software
Copyright, 1996-2008
Min_pfn = 13000, max_pfn = 1c000, mem_size = 1c000000
Bootmap_size = 3800
Version 6.2.0r3.0
Load Manufacture Information ... Done
Initialize FBTL 0.. Done
Load NVRAM Information ... (5.4.0)Done
Install module init vectors
The device is storing the firmware into reserved flash sectors.
Please do not power off the device during this operation. Doing so could result in loss of firmware.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The device successfully completed the operation.
IXP23XX XScale Initialing ...
IXP23XX XScale Initialing ... Successfully!
Install modules (011c0000,01e1f150) ...
PPP IP-POOL initiated, 256 pools
Initializing DI 1.1.0-ns
System config (2019 bytes) loaded
Done.
Load System Configuration .....................................
Unsupported command - set zone "VLAN" block
..................................................................Done
Platform = 24, cpu = 12, version = 18
Offset = 20, address = 5800000, size = 11926029
Date = 18e6, sw_version = 31008000, cksum = dc34455c
Backup image...Done
System init done..
Login: ethernet0/1 interface change physical state to Up
Ethernet0/2 interface change physical state to Up
System change state to Active(1)
Login: ys_admin
Password:
SSG140-JL-CNC-> get system version
Encoding: 1
Version: 6.2.0.1.0.0.0.0    (indicates that the upgrade was successful)
DM Version: 1
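Both transfers in the session above print "Ignore image authentication!", and TFTP itself provides no integrity or authentication, so it is worth auditing a captured console log after the upgrade. The following is an added example, not part of the original post: it parses such a log, checks for each transfer that the size saved to flash equals the size received, and records whether image authentication was skipped. The function name audit_upgrade_log and the sample text (condensed from the session above) are assumptions made for the illustration.

```python
import re

# Constructed sample: lines condensed from the console session shown above.
SAMPLE_LOG = """\
Juniper Networks SSG-140 Boot Loader Version 3.2.3 (Checksum: ECD688CB)
Loading file "-"...
Loaded Successfully! (size = 233,074 bytes)
Ignore image authentication!
Done! (size = 233,074 bytes)
Juniper Networks SSG-140 Boot Loader Version 3.2.5 (Checksum: E0C51885)
Loading file "ssg140.6.2.0r3.0"...
Loaded Successfully! (size = 11,926,107 bytes)
Ignore image authentication!
Done! (size = 11,926,107 bytes)
"""

LOADER = re.compile(r"Boot Loader Version (\S+) \(Checksum: (\w+)\)")
LOADING = re.compile(r'Loading file "([^"]*)"')
LOADED = re.compile(r"Loaded Successfully! \(size = ([\d,]+) bytes\)")
SAVED = re.compile(r"Done! \(size = ([\d,]+) bytes\)")

def audit_upgrade_log(text):
    """Return (boot loader versions seen, one record per image transfer)."""
    loaders, transfers, cur = [], [], None
    for line in text.splitlines():
        if m := LOADER.search(line):
            if m.group(1) not in loaders:
                loaders.append(m.group(1))
        elif m := LOADING.search(line):
            cur = {"file": m.group(1), "loaded": None, "saved": None,
                   "auth_skipped": False}
            transfers.append(cur)
        elif cur is None:
            continue  # nothing to attribute until a transfer has started
        elif m := LOADED.search(line):
            cur["loaded"] = int(m.group(1).replace(",", ""))
        elif "Ignore image authentication" in line:
            cur["auth_skipped"] = True
        elif m := SAVED.search(line):
            cur["saved"] = int(m.group(1).replace(",", ""))
    for t in transfers:
        # The flash copy is complete only if it matches what TFTP delivered.
        t["size_ok"] = t["loaded"] is not None and t["loaded"] == t["saved"]
    return loaders, transfers

if __name__ == "__main__":
    print(audit_upgrade_log(SAMPLE_LOG))
```

A transfer with auth_skipped set should be backed by an out-of-band check, such as comparing the image's checksum with the vendor's published value before the file is placed on the TFTP server.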
Attachment: http://down.51cto.com/data/2356359