Hello I am pretty new to managing SRX 340 and 300. I was assigned by my manager to upgrade the SRX 300/340 firmware. I have a couple questions on upgrading.
Do I need to upgrade the main office first (SRX 340), then upgrade the remote branch (SRX 300)?
Or can I upgrade the remote branch first? Also, If i upgrade the remote branch SRX will the site to site vpn tunnel still work even though the main office SRX is still on the old firmware.
Can anyone please help me on where to start and also point me to any documentation on best practice for this?
I would suggest to start with branch device upgrading first before the main office later, site to site VPN should work absloutely fine as long as there is no modification of configuration.
Please find the below document that list step by step procedure of upgrade and preapartion.
The VPN configuration is independent from the Junos version running on the boxes hence upgrading the software should not break the VPN. I would suggest upgrading the branch SRX first and you could follow this document that takes in account the downloading of the package, some preparations steps and finally differents upgrade methods:
You can also confirm the recommended Junos version for your devices here, which is Junos 18.2R3-S1:
Also make sure to check the "Migration, Upgrade, and Downgrade Instructions" section of the Release Notes of the code you are moving to, looking for any special intructions for upgrading to that version. For instance for 18.2R3:
Hope this helps.
Thanks you for the suggestion and the links.
Your are very welcome; please mark the post as Resolved if you consider that it applies as such.