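Key steps:
- Back up and restore the configuration file and ISO
- Upgrade to the new version of the boot loader and ISO
Back up and restore the configuration file and ISO
For backup and restore, I am reposting a particularly detailed write-up from the web for everyone's reference, so I won't ramble on about it here.
To prevent a Juniper firewall failure from causing a network outage and to keep user services running without interruption, the following describes how to recover quickly when a Juniper firewall fails.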
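I. Device restart:
If the Juniper firewall behaves abnormally during operation and the system needs to be reset, connect with a console cable and restart the firewall with the reset command. During the restart, the firewall's boot messages can be viewed on the terminal.
II. Operating system backup:
During routine maintenance, the firewall operating system (ScreenOS) can be backed up to a local machine. To do so, start a tftp server and run on the command line: save software from flash to tftp x.x.x.x filename
III. Operating system restore:
When the firewall behaves abnormally, the operating system can be restored quickly in two ways. From the command line: save software from tftp x.x.x.x filename to flash. Or through the web interface: under Configuration > Update > ScreenOS/Keys, select the Firmware Update (ScreenOS) option, choose the locally saved ScreenOS file in the Load File field, and click the apply button. After ScreenOS is uploaded, the firewall restarts automatically.
IV. Configuration file backup:
During routine maintenance, the firewall configuration can be backed up locally so that it can be restored after a failure. There are three ways to do this:
1. Start a tftp server and run on the command line: save config from flash to tftp x.x.x.x filename
2. Connect to the firewall remotely over telnet/ssh with HyperTerminal and use session logging to record the get config output to a local file.
3. Back up the configuration file through the web page: Configuration > Update > Config File, click save to file
V. Configuration file restore:
If the firewall's current configuration contains errors and needs to be restored quickly, there are three ways to do this:
1. Start a tftp server and run on the command line: save config from tftp x.x.x.x filename to flash. After the configuration file is uploaded, run the reset command to restart.
2. Restore the configuration file through the web page: Configuration > Update > Config File, select Replace Current Configuration, choose the backup configuration file on the local machine, and click apply. The system then restarts so that the new configuration takes effect.
3. Connect to the firewall remotely over telnet/ssh with HyperTerminal, clear the firewall configuration with the unset all command, and restart. After the restart, paste the backed-up configuration commands into the firewall.
VI. Restore factory defaults:
Connect the console cable to the firewall, restart the firewall with the reset command, and log in using the firewall's 16-digit serial number as the username/password. This quickly restores the firewall configuration to factory defaults.
VII. Hardware fault handling:
When the firewall fails and both configuration faults and ScreenOS software faults have been ruled out, network operation can be restored by using NSRP to switch over to the backup device, after which the hardware fault can be located. Switchover methods: 1. Unplug the upstream and downstream network cables of the primary firewall (the device's HA cable only needs to be unplugged if the device is powered off); the firewalls then fail over automatically. 2. Or run the following on the primary device to fail over manually: exec nsrp vsd-group id 0 mode backup
VIII. Device return (RMA):
If Juniper confirms that the firewall has a hardware fault, contact the equipment reseller promptly. Following the repair-request process, the reseller will have Juniper perform an RMA (return for repair) on damaged parts or devices that are within the warranty period.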
Upgrade to the new version of the boot loader and ISO
First connect to the ssg140 over the console; upgrade the bootloader first, then upgrade the ISO
login: ys_admin
password:
SSG140-JL-CNC->
reset
System reset, are you sure? y/[n]
y
In reset ...
Juniper Networks SSG-140 Boot Loader Version 3.2.3 (Checksum: ECD688CB)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 512MB
Test - Pass
Initialization - Done
Hit any key to run loader
Hit any key to run loader
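When the "Hit any key to run loader" prompt above appears, press any key quickly. Do not press Enter, otherwise the settings that follow will keep accepting their defaults and moving on. If you advance to the next step by mistake, use the keyboard arrow keys to go back.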
Serial Number [0185082008002503]: READ ONLY
HW Version Number [1010]: READ ONLY
Self MAC Address [0021-5924-5d80]: READ ONLY
Boot File Name [ssg140.5.4.0r11.0.bak]: -
Enter the file name of the SSG140 Boot Loader update
Self IP Address [10.10.10.18]: 122.141.26.196
Enter the ssg140's own IP address
TFTP IP Address [10.10.10.254]: 122.141.26.25
Enter the IP address of the TFTP server
Save loader config (56 bytes)... Done
The configured TFTP server is connected to port 1
Loading file "-"...
r
Receiving data block ...
#448
Loaded Successfully! (size = 233,074 bytes)
Ignore image authentication!
Save to on-board flash disk? (y/[n]/m) Yes!
Saving system image to on-board flash disk...
Done! (size = 233,074 bytes)
Run downloaded system image? ([y]/n) Yes!
Start loading...
............
Done.
******************************************************************
* ============================================== *
* (c)1997-2006 Juniper Networks, Inc. *
* All Rights Reserved *
* *
* ---------------------------------------------- *
* SSG140 Boot Loader Version: 3.2.5 *
* Compile Date: Apr 10 2009; Time: 18:38:16 *
* *
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! *
* ! ! *
* ! Please don't power off during update. ! *
* ! Otherwise, the system can not boot again. ! *
* ! ! *
* !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! *
* *
* *** DON'T POWER OFF DURING BOOT LOADER UPDATE *** *
* *** DON'T POWER OFF DURING BOOT LOADER UPDATE *** *
* *** DON'T POWER OFF DURING BOOT LOADER UPDATE *** *
* *
******************************************************************
Check on-board Boot Loader... Update needed!
Are you sure you want to update Boot Loader? (y/n)
y
Read product information of on-board boot flash device:
Manufacturer ID = 01
Device ID = 4f
Boot flash device is Am29LV040B
Erase on-board boot flash device................. Done
Update Boot Loader........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ Done
Verify Boot Loader... Done
Boot Loader has been updated successfully!
Please hit any key to reboot the system...
Juniper Networks SSG-140 Boot Loader Version 3.2.5 (Checksum: E0C51885)
Copyright (c) 1997-2006 Juniper Networks, Inc.
Total physical memory: 512MB
Test - Pass
Initialization - Done
Hit any key to run loader
After the reboot, press any key again to update the SSG140 ISO
Serial Number [0185082008002503]: READ ONLY
HW Version Number [1010]: READ ONLY
Self MAC Address [0021-5924-5d80]: READ ONLY
Boot File Name [-]: ssg140.6.2.0r3.0
Enter the file name of the SSG140 ISO update
Self IP Address [122.141.26.196]:
TFTP IP Address [122.141.26.251]:
The earlier values are remembered, so just press Enter
IP MASK [255.255.255.0]: 255.255.255.192
Enter the subnet mask
GW IP Address [122.141.26.251]: 122.141.26.193
Enter the gateway
Save loader config (108 bytes)... Done
The configured TFTP server is connected to port 1
Loading file "ssg140.6.2.0r3.0"...
R
The transfer takes a few minutes
Receiving data block ...
#23280
Loaded Successfully! (size = 11,926,107 bytes)
Ignore image authentication!
Save to on-board flash disk? (y/[n]/m) Yes!
Saving system image to on-board flash disk...
Done! (size = 11,926,107 bytes)
Run downloaded system image? ([y]/n) Yes!
Start loading...
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.................................................................
.............
Done.
Juniper Networks, Inc
Security Services Gateway System Software
Copyright, 1996-2008
min_pfn = 13000, max_pfn = 1c000, mem_size = 1c000000
bootmap_size = 3800
Version 6.2.0r3.0
Load Manufacture Information ... Done
Initialize FBTL 0.. Done
Load NVRAM Information ... (5.4.0)Done
Install module init vectors
The device is storing the firmware into reserved flash sectors.
Please do not power off the device during this operation. Doing so could result in loss of firmware.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The device successfully completed the operation.
IXP23XX XScale Initialing ...
IXP23XX XScale Initialing ... Successfully!
Install modules (011c0000,01e1f150) ...
PPP IP-POOL initiated, 256 pools
Initializing DI 1.1.0-ns
System config (2019 bytes) loaded
Done.
Load System Configuration .....................................
Unsupported command - set zone "VLAN" block
..............................................................................................................................................Done
platform = 24, cpu = 12, version = 18
offset = 20, address = 5800000, size = 11926029
date = 18e6, sw_version = 31008000, cksum = dc34455c
Backup image...Done
system init done..
login: ethernet0/1 interface change physical state to Up
ethernet0/2 interface change physical state to Up
System change state to Active(1)
login: ys_admin
password:
SSG140-JL-CNC-> get system version
Encoding: 1
Version: 6.2.0.1.0.0.0.0
This shows that the upgrade succeeded
DM Version: 1
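
Added example (not part of the original post and not Juniper code): a Python check to run over a saved console capture of the upgrade above. It flags images the loader accepted with "Ignore image authentication!", configuration lines rejected as "Unsupported command", and any size or version mismatch. The function name audit_upgrade_log and the severity labels are assumptions, and the sample text is constructed from key lines of the capture on this page.

```python
import re

# Constructed sample: key lines taken from the console capture on this page.
SAMPLE = """\
Juniper Networks SSG-140 Boot Loader Version 3.2.3 (Checksum: ECD688CB)
Loaded Successfully! (size = 233,074 bytes)
Ignore image authentication!
Done! (size = 233,074 bytes)
Juniper Networks SSG-140 Boot Loader Version 3.2.5 (Checksum: E0C51885)
Loading file "ssg140.6.2.0r3.0"...
Loaded Successfully! (size = 11,926,107 bytes)
Ignore image authentication!
Done! (size = 11,926,107 bytes)
Unsupported command - set zone "VLAN" block
Version: 6.2.0.1.0.0.0.0
"""

def audit_upgrade_log(text, expected_version):
    """Return (severity, message) findings for a captured upgrade session."""
    findings = []
    loaded = [int(s.replace(",", "")) for s in
              re.findall(r"Loaded Successfully! \(size = ([\d,]+) bytes\)", text)]
    saved = [int(s.replace(",", "")) for s in
             re.findall(r"^Done! \(size = ([\d,]+) bytes\)", text, re.M)]
    # Each image received over TFTP should be written to flash at the same size.
    if loaded != saved:
        findings.append(("high", f"size mismatch: loaded {loaded}, saved {saved}"))
    # Assumption from the message text: the loader did not authenticate the image.
    skipped = text.count("Ignore image authentication!")
    if skipped:
        findings.append(("high", f"{skipped} image(s) loaded without authentication"))
    # Lines of the old configuration that the new release did not accept.
    for cmd in re.findall(r"^Unsupported command - (.+)$", text, re.M):
        findings.append(("medium", f"config line not applied: {cmd.strip()}"))
    loaders = re.findall(r"Boot Loader Version (\d+(?:\.\d+)+) \(Checksum", text)
    if loaders:
        findings.append(("info", f"boot loader {loaders[0]} -> {loaders[-1]}"))
    # "get system version" output; the boot banner line has no colon and is skipped.
    m = re.search(r"^Version: (\S+)", text, re.M)
    running = m.group(1) if m else None
    if running is None or not running.startswith(expected_version):
        findings.append(("high", f"running version {running!r}, expected {expected_version}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_upgrade_log(SAMPLE, "6.2.0"):
        print(f"[{severity}] {message}")
```

Any "config line not applied" finding should be compared against the pre-upgrade configuration backup, since the setting it carried is no longer in effect after the upgrade.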