For security purposes, the ScreenOS to JUNOS software with enhanced services migration tool does not include the encrypted passwords for users from the ScreenOS configuration in the migrated configuration file. The Migration Tool creates a random clear-text password for each user and includes that random password in the migrated configuration file. If you do not change any user passwords in the migrated configuration file, these random passwords are encrypted after you copy the file to the router and commit the configuration.

Editing the Migrated Configuration File

To define your own user passwords, you need to edit the migrated configuration before you copy it to the router. At a minimum, you must define the following:

• Root user and password

• One local user and password (because you cannot by default log in as root using a Telnet or SSH session)

If you have a valid JUNOS configuration file, you can copy the encrypted passwords for the root user and one local user account when editing the migrated configuration file. If you do not have a valid JUNOS configuration file, replace the clear-text passwords in the migrated configuration file.

If the original ScreenOS configuration contained encrypted keys, such as preshared keys for IKE policy authentication, the keys are not included in the migrated configuration file and are replaced by ASCII text. For example, a preshared key for IKE policy authentication in the migrated configuration file contains the following ASCII text: “Pre Shared Key MUST be changed to become valid.” You must replace the ASCII text with each actual preshared key. The keys are encrypted when you copy the migrated configuration file to the router and commit the configuration.

To edit the migrated configuration file:

1. On your system, open the migrated configuration file in a text editor.

2. If you have a valid JUNOS configuration file that contains encrypted passwords for the root user and a local user account:

a. Open the valid JUNOS configuration file and copy the encrypted-password statement for the root user. This statement is located at the [system root-authentication] hierarchy level.

b. In the migrated configuration file, replace the plain-text-password-value statement for the root user with the encrypted-password statement from the JUNOS configuration file.

c. In the JUNOS configuration file, replace the clear-text password in the plain-text-password statement for the root user with the password you want to define. This statement is located at the [system root-authentication] hierarchy level.

d. In the migrated configuration file, replace the plain-text-password-value statement for the local user with the encrypted-password statement from the JUNOS configuration file.

3. If you do not have a valid JUNOS configuration file:

a. In the migrated configuration file, replace the clear-text password in the plain-text-password statement for the root user with the password you want to define. This statement is located at the [system root-authentication] hierarchy level.

b. In the migrated configuration file, replace the clear-text password in the plain-text-password statement for the local user with the password you want to define. This statement is located at the [system login user username authentication] hierarchy level.

4. Replace the ASCII text for any encrypted keys with the actual keys.

For example, replace the ASCII text for any preshared keys for IKE policy authentication with the actual preshared key. The keys are encrypted when you upload the file to the router and commit the configuration.

5. Save the migrated configuration file.

You are now ready to upload the migrated configuration file to the router. For more information, see “Uploading the Migrated Configuration File to the Router” on page 37.
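A pre-upload check for the procedure above, as an added example that is not part of the original guide or of the Migration Tool: it walks a migrated file and reports key placeholders that were not replaced, clear-text passwords to review, and a missing root or local-user password. The curly-brace file layout, the sample configuration and the function name audit_migrated_config are assumptions.

```python
import re

PSK_PLACEHOLDER = "Pre Shared Key MUST be changed to become valid."  # quoted in the guide
PASSWORD_STMT = re.compile(r'(plain-text-password-value|encrypted-password)\s+"[^"]*";')
LOCAL_USER = re.compile(r"system login user \S+ authentication")
# Constructed sample; the curly-brace layout of the migrated file is an assumption.
SAMPLE = '''\
system {
    root-authentication {
        plain-text-password-value "x7Gq2LmP";
    }
    login {
        user admin {
            authentication {
                encrypted-password "$1$constructed$hash";
            }
        }
    }
}
security {
    ike {
        policy gw-policy {
            pre-shared-key ascii-text "Pre Shared Key MUST be changed to become valid.";
        }
    }
}
'''

def audit_migrated_config(text):
    """Return findings to resolve before the file is uploaded and committed."""
    path, findings, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.endswith("{"):        # entering a hierarchy level
            path.append(line[:-1].strip())
        elif line == "}":             # leaving it (safe on an empty stack)
            del path[-1:]
        elif PSK_PLACEHOLDER in line:
            findings.append(f"line {lineno}: [{' '.join(path)}] key placeholder not replaced")
        elif (m := PASSWORD_STMT.match(line)):
            seen.add(" ".join(path))  # a password of either kind is defined here
            if m.group(1) == "plain-text-password-value":
                findings.append(f"line {lineno}: [{' '.join(path)}] clear-text password, confirm it is not the tool's random one")
    if "system root-authentication" not in seen:
        findings.append("missing: root password at [system root-authentication]")
    if not any(LOCAL_USER.fullmatch(w) for w in seen):
        findings.append("missing: password for one local user at [system login user]")
    return findings
```

A clear-text password finding is a prompt to review, not an error: the check cannot tell a password you typed from the random one the tool generated.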

You can convert certain J Series Services Routers running JUNOS or JUNOS software with enhanced services to SSG security devices with the appropriate conversion kit (see Table 9).

Use the appropriate conversion kit in the following situations:

• Convert a J Series Services Router to an SSG security device.

• After converting an SSG security device to a J Series Services Router and registering the new hardware configuration, convert the J Series router back to an SSG security device.

For information about converting J Series Services Routers to SSG security devices, see the documentation included with your conversion kit.

Table 9: Convertible J Series Hardware and Software

| Services Router with JUNOS 8.3 or Later | Conversion Kit (if applicable) | Resulting SSG Security Device (if applicable) |
|---|---|---|
| J2320 | J2320-SSG-CONV-S | SSG 320M |
| J2350 | J2350-SSG-CONV-S | SSG 350M |
| J4350 | J4350-SSG-CONV-S | SSG 520M |
| J6350 | J6350-SSG-CONV-S | SSG 550M |

Backing Up and Replacing the JUNOS Software with Enhanced Services Configuration

When you install JUNOS software with enhanced services, the router creates a backup image of the software that was previously installed, as well as installing the requested software.

If you migrated JUNOS Software to JUNOS software with enhanced services, you can downgrade the software by using the backup image of the software that was previously installed, which is saved on the router. If you revert to the previous image, this backup image is used, and the image of the running software is deleted.

With this method, you can downgrade to only the software release that was installed on the router before the current release.

If the software backup image that was previously installed does not exist on the router, use the procedures in “Installing JUNOS Software with Enhanced Services with the CLI” on page 13 and specify a JUNOS Software image as the source image to be upgraded.

This chapter contains the following sections:

• Backing Up and Replacing the JUNOS Software with Enhanced Services