Junos OS

Hi Juniper Team,

I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

1. What considerations should be taken for juniper/ibm account before performing the upgrade?
2. What are the possible methods for upgrading the OS (patch) of vSRX?
3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.

Hi Juniper Team,

I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

1. What considerations should be taken for juniper/ibm account before performing the upgrade?
2. What are the possible methods for upgrading the OS (patch) of vSRX?
3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.

Hi there,

Hope you are doing great!

For the first 3 questions, this document will work for you as it has the answers about considerations, upgrade methods, and configuration considerations: Upgrading the vSRX Virtual Firewall in IBM Cloud.

Regarding the last question, currently the Juniper suggested release for vSRX 3.0 is Junos 23.4R2-S2, as it is the most stable release and it supports all those features: Junos Software Versions - Suggested Releases to Consider and Evaluate.

Kind regards,

JC.

Hi Juniper Team,

I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

1. What considerations should be taken for juniper/ibm account before performing the upgrade?
2. What are the possible methods for upgrading the OS (patch) of vSRX?
3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.

Yes, well, in 23.4R2-S2, prepare to lose your radius authentication services: some devs at Juniper decided to mess everything up and throw the RFC out of the window...

https://supportportal.juniper.net/s/article/RADIUS-authentication-not-working-on-23-4R2-S2

------------------------------
Olivier Benghozi

Original Message:
Sent: 09-19-2024 18:43
From: Jeremias Carballo
Subject: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

Hi there,

Hope you are doing great!

For the first 3 questions, this document will work for you as it has the answers about considerations, upgrade methods, and configuration considerations: Upgrading the vSRX Virtual Firewall in IBM Cloud.

Regarding the last question, currently the Juniper suggested release for vSRX 3.0 is Junos 23.4R2-S2, as it is the most stable release and it supports all those features: Junos Software Versions - Suggested Releases to Consider and Evaluate.

Kind regards,

JC.

------------------------------
Jeremias Carballo

Original Message:
Sent: 09-19-2024 01:15
From: Anonymous
Subject: Juniper vSRX HA OS upgrades from 21R to new stable version (vSRX is on IBM Cloud Portal)

This message was posted by a user wishing to remain anonymous

Hi Juniper Team,

I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

1. What considerations should be taken for juniper/ibm account before performing the upgrade?
2. What are the possible methods for upgrading the OS (patch) of vSRX?
3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.

Yes, well, in 23.4R2-S2, prepare to lose your radius authentication services: some devs at Juniper decided to mess everything up and throw the RFC out of the window...

https://supportportal.juniper.net/s/article/RADIUS-authentication-not-working-on-23-4R2-S2

Hi there,

Hope you are doing great!

For the first 3 questions, this document will work for you as it has the answers about considerations, upgrade methods, and configuration considerations: Upgrading the vSRX Virtual Firewall in IBM Cloud.

Regarding the last question, currently the Juniper suggested release for vSRX 3.0 is Junos 23.4R2-S2, as it is the most stable release and it supports all those features: Junos Software Versions - Suggested Releases to Consider and Evaluate.

Kind regards,

JC.

Hi Juniper Team,

I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

1. What considerations should be taken for juniper/ibm account before performing the upgrade?
2. What are the possible methods for upgrading the OS (patch) of vSRX?
3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.

Hi,

Any know config knob to disable message authenticator check on the DUT ?
I found following "set system radius-server <server-ip> secret <secret> no-message-authenticator", but seems not to work for vSRX.

I suppose this radius change will affect all platforms?

Yes, well, in 23.4R2-S2, prepare to lose your radius authentication services: some devs at Juniper decided to mess everything up and throw the RFC out of the window...

https://supportportal.juniper.net/s/article/RADIUS-authentication-not-working-on-23-4R2-S2

Hi there,

Hope you are doing great!

For the first 3 questions, this document will work for you as it has the answers about considerations, upgrade methods, and configuration considerations: Upgrading the vSRX Virtual Firewall in IBM Cloud.

Regarding the last question, currently the Juniper suggested release for vSRX 3.0 is Junos 23.4R2-S2, as it is the most stable release and it supports all those features: Junos Software Versions - Suggested Releases to Consider and Evaluate.

Kind regards,

JC.

Hi Juniper Team,

I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

1. What considerations should be taken for juniper/ibm account before performing the upgrade?
2. What are the possible methods for upgrading the OS (patch) of vSRX?
3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.

All platforms, yes. We discovered this on an EX.

Just complain to your Juniper representative, I guess.

Hi,

Any know config knob to disable message authenticator check on the DUT ?
I found following "set system radius-server <server-ip> secret <secret> no-message-authenticator", but seems not to work for vSRX.

I suppose this radius change will affect all platforms?

Yes, well, in 23.4R2-S2, prepare to lose your radius authentication services: some devs at Juniper decided to mess everything up and throw the RFC out of the window...

https://supportportal.juniper.net/s/article/RADIUS-authentication-not-working-on-23-4R2-S2

Hi there,

Hope you are doing great!

For the first 3 questions, this document will work for you as it has the answers about considerations, upgrade methods, and configuration considerations: Upgrading the vSRX Virtual Firewall in IBM Cloud.

Regarding the last question, currently the Juniper suggested release for vSRX 3.0 is Junos 23.4R2-S2, as it is the most stable release and it supports all those features: Junos Software Versions - Suggested Releases to Consider and Evaluate.

Kind regards,

JC.

Hi Juniper Team,

I would like to upgrade the Juniper vSRX HA from 21R to a newer stable version (the vSRX is on IBM Cloud Portal). Could you please help me by answering the following questions?

1. What considerations should be taken for juniper/ibm account before performing the upgrade?
2. What are the possible methods for upgrading the OS (patch) of vSRX?
3. Will the current configuration of Juniper be preserved during the upgrade, or is there any risk of it being destroyed, removed, or lost?
4. Which new version is stable and fully compatible with all current Juniper configurations (e.g., VPN, SSL VPN, NAT [SNAT, DNAT], IPS/IDS, Routing Protocols, etc.)?

Please attach any relevant documents and configurations with your answers. Your assistance is greatly appreciated.