Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

    This message was posted by a user wishing to remain anonymous
    Posted 21 days ago
    This message was posted by a user wishing to remain anonymous

    Hi Juniper Team,

    I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

    1. What considerations should be taken for juniper/ibm account before performing the upgrade?
    2. What are the possible methods for upgrading the OS (patch) of vSRX?
    3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
    4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

    Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.




  • 2.  RE: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

    Posted 20 days ago

    Hi there,

    Hope you are doing great!

    For the first 3 questions, this document will work for you as it has the answers about considerations, upgrade methods, and configuration considerations: Upgrading the vSRX Virtual Firewall in IBM Cloud.

    Regarding the last question, currently the Juniper suggested release for vSRX 3.0 is Junos 23.4R2-S2, as it is the most stable release and it supports all those features: Junos Software Versions - Suggested Releases to Consider and Evaluate.

    Kind regards,

    JC.




  • 3.  RE: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

    Posted 20 days ago

    Hi there,

    Hope you are doing great!

    For the first 3 questions, this document will work for you as it has the answers about considerations, upgrade methods, and configuration considerations: Upgrading the vSRX Virtual Firewall in IBM Cloud.

    Regarding the last question, currently the Juniper suggested release for vSRX 3.0 is Junos 23.4R2-S2, as it is the most stable release and it supports all those features: Junos Software Versions - Suggested Releases to Consider and Evaluate.

    Kind regards,

    JC.



    ------------------------------
    Jeremias Carballo
    ------------------------------



  • 4.  RE: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

    Posted 19 days ago

    Yes, well, in 23.4R2-S2, prepare to lose your radius authentication services: some devs at Juniper decided to mess everything up and throw the RFC out of the window...

    https://supportportal.juniper.net/s/article/RADIUS-authentication-not-working-on-23-4R2-S2



    ------------------------------
    Olivier Benghozi
    ------------------------------



  • 5.  RE: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

    Posted 19 days ago
    Edited by bkamen 18 days ago

    Shocker. 

    This is a primary reason why testing releases on (as close to) real hardware of the target environment is so critical. 

    From one release to the next, you never know what Juniper is going to break. 
    Wading through the horridly incomplete or incomprehensible documentation/knowledgebase never prepares you for the lurking surprises. 

    meanwhile Juniper is all like, "update!update!update!" --- as if we have nothing else on our ToDo List of priorities. 
    They're so insulated from the realities of production environments and overworked IT staff. 

    (sigh)



    ------------------------------
    Ben Kamen
    ------------------------------



  • 6.  RE: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

    Posted 18 days ago

    Hi,

    Any know config knob to disable message authenticator check on the DUT ?
    I found following "set system radius-server <server-ip> secret <secret> no-message-authenticator", but seems not to work for vSRX.

    I suppose this radius change will affect all platforms?



    ------------------------------
    Kalle Andersson
    ------------------------------



  • 7.  RE: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

    Posted 18 days ago

    All platforms, yes. We discovered this on an EX.

    Just complain to your Juniper representative, I guess.



    ------------------------------
    Olivier Benghozi
    ------------------------------