Junos OS 14.1R4

Product Affected:

M-series, MX-series, T-series, PTX-series, EX-Series

Alert Description:

Junos OS 14.1R4 is now available.

Solution:

Consult Release Notes:
For new and changed features, changes in behavior, known behavior and issues, resolved issues, and more, refer to:

Release Notes for Junos OS 14.1R4
HTML

PDF

Download Junos OS Software:

1. Go to Junos Platforms - Download Software page.
2. Select your product.
3. Under 'Version' on the right, select your version.
4. Click the "Software" tab.
5. Select the Install Package Release needed, and follow the prompts.

Junos: Boot from USB and Recovering from a Failed Software Upgrade

If the Junos software loads but the CLI is not working for any reason, or if the switch has no software installed, you can use this recovery installation procedure to install the Junos software.

If there is already a Junos image on the system, you can either install the new Junos package in a separate partition and both Junos images will remain on the system, or you can wipe the disk clean before the new installation proceeds.

To perform a recovery installation: Power on the switch.

1. The loader script starts. 
2. After the Loading /boot/defaults/loader.conf displays, you are prompted with: Hit [Enter] to boot immediately, or space bar for command prompt. 
3. Hit the space bar to enter the manual loader. The loader> prompt displays. (NOTE: There is a 1 second delay for hitting the space bar) 
4. Enter the following command: 

                         install source
Where: source: Represents the name and location of the Junos software package either on a server on the network or as a file on an external USB drive:

•  Network address of the server and the path on the server. 

Example: tftp://192.17.1.28/junos/jinstall-ex-3200-10.0S1.1-domestic-signed.tgz

• The Junos package on a USB device is commonly stored in the root drive as the only file. Example: file:///jinstall-ex-3200-10.0S1.1-domestic-signed.tgz 

The installation proceeds as normal and ends with a login prompt.

Signature Update Service (SUS) IP address change

Juniper is moving their Signature Update Services (SUS) to a more robust distributed environment on 21 February 2015.  As a part of this change the current IP address for the service will no longer be valid and could affect the ability of Juniper SSG, NS5000, ISG, and SRX products to update their signature files.  All SSG, NS5000, ISG, and SRX products should be examined to insure they are accessing the SUS service via a URL and not the IP address.

 
Solution:
SSG, NS5000, ISG, and SRX products should be accessing the Signature Update Services (SUS) by connecting to the URL https://services.netscreen.com or https://signatures.juniper.net.  If they are configured to access the SUS through one of these URLs, they will not be affected and will continue to access the new service without interruption on and after 21 February 2015.

If the Juniper SSG, NS5000, ISG, and SRX product has been configured to use only an IP address (66.129.230.99 or 66.129.230.83), they will fail to be able update their signatures after 21 February 2015.

To prevent a failure of your firewalls not being able to update signatures after 21 February 2015, please check the configurations in each unit and change any configuration using the IP addresses to the correct URL as noted below:

• IP Address 66.129.230.99 should be replaced by URL:  https://services.netscreen.com
• IP Address 66.129.230.83 should be replaced by URL:  https://signatures.juniper.net

This change is critical because the new service is designed to be redundant and operate from multiple locations. Removing the dependency on a fixed IP address will improve resiliency of the service.