Juniper SRX – Upgrading JunOS from USB

There’s a few ways to do this. Here’s the easiest:

First, format your USB drive as fat32. Download the compressed image from Juniper (e.g. junos-srxsme-15.1X49-D80.4-domestic.tgz) and load it onto the USB drive.

Whilst logged into the SRX’s console, plug in the USB drive. You’ll see something like the below:

  1. umass1: TOSHIBA TransMemory, rev 2.00/1.00, addr 2
  2. da1 at umass-sim1 bus 1 target 0 lun 0
  3. da1: <TOSHIBA TransMemory 1.00> Removable Direct Access SCSI-4 device
  4. da1: 40.000MB/s transfers
  5. da1: 7400MB (15155200 512 byte sectors: 255H 63S/T 943C)

This tells you that the USB drive is available at /dev/da1. Assuming your drive has a single partition, that means the filesystem will be at /dev/da1s1.

Jump into the FreeBSD shell:

  1. start shell

Create a directory and mount the USB drive to it:

  1. mkdir /var/tmp/usb/
  2. mount_msdosfs /dev/da1s1 /var/tmp/usb/

Check that your JunOS image is present on the mount:

  1. root@% ls -1 /var/tmp/usb/
  2. junos-srxsme-15.1X49-D80.4-domestic.tgz

Jump back to the main JunOS console:

  1. exit

Install the image:

  1. request system software add no-copy /var/tmp/usb/junos-srxsme-15.1X49-D80.4-domestic.tgz

Reboot your device:

  1. request system reboot in 0

Once rebooted, sanity check your new install. If all is ok, you need to copy the JunOS image to the backup partition else if your SRX ever fails to boot then it will boot into your old JunOS:

  1. request system snapshot slice alternate

Once done, you can check it:

  1. root> show system software
  2. Information for junos:
  3.  
  4. Comment:
  5. JUNOS Software Release [15.1X49-D80.4]
  6.  
  7. root> show system software backup
  8. Backup JUNOS package information:
  9. File name: /altroot/cf/packages/junos-15.1X49-D80.4-domestic
  10. File size: 249978054

And that’s it.

Juniper SRX PPPoE Configuration for Plusnet ADSL

This was a bit of a faff, so I thought I’d document it. The setup here is an ADSL modem plugged into ge-0/0/4 with the SRX doing PPPoE (CHAP) via that modem. Apparently this is the same for VDSL2 (FTTC) via the BT OpenReach modem also. Config below:

  1. interfaces {
  2. ge-0/0/4 {
  3. description "Plusnet Off-Net WAN via Zyxel Modem";
  4. unit 0 {
  5. encapsulation ppp-over-ether;
  6. }
  7. }
  8. pp0 {
  9. unit 0 {
  10. ppp-options {
  11. chap {
  12. default-chap-secret "your-password";
  13. local-name "yourusername@plusdsl.net";
  14. no-rfc2486;
  15. passive;
  16. }
  17. }
  18. pppoe-options {
  19. underlying-interface ge-0/0/4.0;
  20. idle-timeout 0;
  21. auto-reconnect 10;
  22. client;
  23. }
  24. family inet {
  25. mtu 1480;
  26. negotiate-address;
  27. }
  28. }
  29. }
  30. }
  31. routing-options {
  32. static {
  33. route 0.0.0.0/0 next-hop pp0.0;
  34. }
  35. }
  36. security {
  37. zones {
  38. security-zone public {
  39. interfaces {
  40. pp0.0 {
  41. host-inbound-traffic {
  42. system-services {
  43. ping;
  44. traceroute;
  45. ike;
  46. ssh;
  47. }
  48. }
  49. }
  50. }
  51. }
  52. }
  53. flow {
  54. tcp-mss {
  55. all-tcp {
  56. mss 1440;
  57. }
  58. }
  59. }
  60. }