1、备份OS:
SSG140-> save software from flash to tftp 192.168.1.3 ssg140_old
备份bootloader
SSG140-> save bootloader from flash to tftp 192.168.1.3 bootloader_old
2、升级bootloader
SSG140-> save bootloader from tftp 192.168.1.3 Loadssg140v325.d to flash
3、升级OS:
SSG140-> save software from tftp 192.168.1.3 ssg140.6.3.0r18.0 to flash
报错(2014.6.1之后juniper新发布的ScreenOS,使用了新的数字证书做签名,导致老设备在升级到新系统时,报“文件校验失败”,系统升级失败。参考http://kb.juniper.net/TSB16495)
********Invalid image!!!
********Bogus image - not authenticated!!!
4、查看老签名证书:(关键字c,表示是老证书)
SSG140-> exec pki test skey
exec pki test <skey>.
Flash base = 0xd1000000, Flash end = 0x0, sector size= 0x20000
KEY1 N/A len =432
308201ac02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0
KEY2 N/A len =432
308201ac02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0
KEY3 N/A len =432
308201ac02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0
5、升级新的签名证书
SSG140-> save image-key tftp 192.168.1.3 imagekey.cer
Load file from TFTP 192.168.1.3 (file: imagekey.cer).
!!!!!
tftp received octets = 863
tftp success!
Done
也可以通过网页升级
6、证书升级之后的校验:(关键字d,表示是新证书)
SSG140-> exec pki test skey
exec pki test <skey>.
Flash base = 0xd1000000, Flash end = 0x0, sector size= 0x20000
KEY1 N/A len =433
308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0
KEY2 N/A len =433
308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0
KEY3 N/A len =433
308201ad02010002818100fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b651 magic1 = f7e9294b magic2=0
7、升级证书之后,再升级OS
SSG140-> save software from tftp 192.168.1.3 ssg140.6.3.0r18.0 to flash
8、升级成功之后,需要重启才能加载新版本OS,之前的老配置不变