Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS Junos® OS Software Installation and Upgrade Guide Install, Upgrade, or Downgrade for Junos OS Software Install Software on Firewalls

Junos® OS Software Installation and Upgrade Guide

Junos OS Junos OS Evolved
keyboard_arrow_up
close
keyboard_arrow_left
Junos® OS Software Installation and Upgrade Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Configure Root Partitions on SRX Series Devices

date_range 28-Mar-25
arrow_backward
arrow_forward

Learn how to configure root partitions on SRX Series Firewalls, including the benefits of dual-root partitioning for improved reliability and recovery. This topic covers the boot process, automatic recovery with the auto-snapshot feature, and steps to reinstall single-root partitioning for older Junos OS versions.

Dual-Root Partition Scheme on SRX Series Firewalls

Dual-root partitioning allows the SRX Series Firewall to remain functional even if there is file system corruption and to facilitate easy recovery of the file system.

In the Single-root partitioning scheme, since both the primary and backup Junos OS images are located on the same root partition, the system fails to boot if there is corruption in the root file system. The dual-root partitioning scheme guards against this scenario by keeping the primary and backup Junos OS images in two independently bootable root partitions. If the primary root partition becomes corrupted, the system can still boot from the backup Junos OS image located in the other root partition and remain fully functional.

Boot Media and Boot Partition on SRX Series Firewalls

When the SRX Series Firewall powers on, it tries to boot the Junos OS from the default storage media. If the device fails to boot from the default storage media, it tries to boot from the alternate storage media.

Use Feature Explorer to confirm platform and release support for specific features.

Review the Platform-Specific Storage Media Behavior section for notes related to your platform.

With the dual-root partitioning scheme, the SRX Series Firewall first tries to boot Junos OS from the primary root partition and then from the backup root partition on the default storage media. If both primary and backup root partitions of a media fail to boot, then the SRX Series Firewall tries to boot from the next available type of storage media. The SRX Series Firewall remains fully functional even if it boots Junos OS from the backup root partition of the storage media.

Key Functionality of the Dual-Root Partitioning Scheme

The dual-root partitioning scheme has the following important features:

  • The primary and backup copies of Junos OS images reside in separate partitions. The partition containing the backup copy is mounted only when required. With the single-root partitioning scheme, there is one root partition that contains both the primary and the backup Junos OS images.

  • The request system software add command for a Junos OS package erases the contents of the other root partition. The contents of the other root partition will not be valid unless software installation is completed successfully.

  • Add-on packages, such as jais or jfirmware, can be reinstalled as required after a new Junos OS image is installed.

  • The request system software rollback command does not delete the current Junos OS image. It is possible to switch back to the image by issuing the rollback command again.

  • The request system software delete-backup and request system software validate commands do not take any action.

Automatic Recovery of the Primary Junos OS Image with Dual-Root Partitioning

The auto-snapshot feature repairs the corrupted primary root when the device reboots from the alternate root. This is accomplished by taking a snapshot of the alternate root onto the primary root automatically rather than manually from the CLI.

When this feature is enabled, and the device reboots from the alternate root (because of a corrupted primary root or power cycle during restart), the following actions take place:

  1. A prominent message is displayed indicating a failure to boot from the primary root.

    content_copy zoom_out_map
    ***********************************************************************
**                                                                   **
**  WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE      **
**                                                                   **
**  It is possible that the primary copy of JUNOS failed to boot up  **
**  properly, and so this device has booted from the backup copy.    **
**                                                                   **
**  Please re-install JUNOS to recover the primary copy in case      **
**  it has been corrupted and if auto-snapshot feature is not        **
**  enabled.                                                         **
**                                                                   **
***********************************************************************

  2. A system boot from backup root alarm is set. This is useful for devices that do not have console access.

  3. A snapshot of the alternate root onto the primary root is made.

  4. Once the snapshot is complete, the system boot from backup root alarm is cleared.

  5. During the next reboot, the system determines the good image on the primary root and boots normally. Perform the snapshot once all the processes start. This is done to avoid any increase in the reboot time.

  6. By default the auto-snapshot feature is disabled. If you do not maintain the same version of Junos OS in both partitions, ensure that the automatic snapshot feature remains disabled. Otherwise, if you have an earlier version of Junos OS in the alternate partition and the system reboots from the alternate root partition, the automatic snapshot feature causes the later Junos OS version to be replaced with the earlier version. When automatic snapshot is disabled and the system reboots from the alternate root partition, it triggers an alarm indicating that the system has rebooted from its alternate partition.

Enable this feature with the set system auto-snapshot command. Once the primary root partition is recovered using this method, the device will successfully boot from the primary root partition on the next reboot.

Execute the delete system auto-snapshot command to delete all backed up data and disable auto-snapshot, if required.

Use the show system auto-snapshot command to check the auto-snapshot status.

When auto-snapshot is in progress, you cannot run a manual snapshot command concurrently and the following error message appears:

content_copy zoom_out_map
Snapshot already in progress. Please try after sometime.

If you log into the device when the snapshot is in progress, the following banner appears: The device has booted from the alternate partition, auto-snapshot is in progress.

How the Primary Junos OS Image with Dual-Root Partitioning Recovers Devices

If the SRX Series Firewall is unable to boot from the primary Junos OS image, and boots up from the backup Junos OS image in the backup root partition, a message appears on the console at the time of login indicating that the device has booted from the backup Junos OS image.

content_copy zoom_out_map
    login: user

    Password:

    ***********************************************************************

    **                                                                   **

    **  WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE      **

    **                                                                   **

    **  It is possible that the active copy of JUNOS failed to boot up   **

    **  properly, and so this device has booted from the backup copy.    **

    **                                                                   **

    **  Please re-install JUNOS to recover the active copy in case       **

    **  it has been corrupted.                                           **

    **                                                                   **

    ***********************************************************************

Because the system is left with only one functional root partition, you must immediately restore the primary Junos OS image using one of the following methods:

  • Install a new image using the CLI or J-Web user interface. The newly installed image will become the primary image, and the device will boot from it on the next reboot.

  • Use a snapshot of the backup root partition by entering the request system snapshot slice alternate command. Once the primary root partition is recovered using this method, the device will successfully boot from the primary root partition on the next reboot. After the procedure, the primary root partition will contain the same version of Junos OS as the backup root partition. Once the snapshot is complete, the system boot from backup root alarm is cleared.

    You can use the CLI command request system snapshot slice alternate to back up the currently running root file system (primary or secondary) to the other root partition on the system along with following:

    • Save an image of the primary root partition in the backup root partition when the system boots from the primary root partition.

    • Save an image of the backup root partition in the primary root partition when the system boots from the backup root partition.

    The process of restoring the alternate root by using the CLI command request system snapshot slice alternate takes several minutes to complete. If you terminate the operation before completion, the alternate root might not have all required contents to function properly.

How Junos OS Release 10.0 or Later Upgrades with Dual-Root Partitioning

To format the media with dual-root partitioning while upgrading to Junos OS Release 10.0 or later, use one of the following installation methods:

Dual-Root and Single-Root Partitioning (SRX Series Only)

Junos OS upgrade methods format the internal media before installation, whereas other methods do not. To install Junos OS Release with the dual-root partitioning scheme, you must use an upgrade method that formats the internal media before installation.

These upgrade methods format the internal media before installation:

  • Installation from the boot loader using a TFTP server

  • Installation from the boot loader using a USB storage device

  • Installation from the CLI using the partition option (available in Junos OS Release 10.0)

  • Installation using the J-Web user interface

These upgrade methods retain the existing partitioning scheme:

  • Installation using the CLI

  • Installation using the J-Web user interface

Upgrade methods that format the internal media before installation wipe out the existing contents of the media. Only the current configuration is preserved. Any important data must be backed up before starting the process.

Once the media has been formatted with the dual-root partitioning scheme, you can use conventional CLI or J-Web user interface installation methods, which retain the existing partitioning and contents of the media, for subsequent upgrades.

Reinstall Single-Root Partition on SRX Series Firewalls

To reinstall the single-root partition on SRX firewalls, you need to consider the compatibility between Junos OS versions and partitioning schemes. Junos OS 9.6 and earlier only supports single-root partitioning, while later versions use dual-root partitioning. If you attempt to install Junos OS 9.6 or earlier on a device with dual-root partitioning without reformatting, the installation will fail with an error.

To reinstall the single-root partition:

  1. Reformat the Media:To install Junos OS on a dual-root system, you must reformat the media with single-root partitioning. Use the following command:

    user@host>request system software add partition

  2. Reboot the device: After the installation, reboot the firewall by entering:

    user@host>request system reboot

    The previous software version gets installed after rebooting the device.

    Using the partition option erases the dual-root partitioning scheme, which removes its benefits, such as improved rollback and recovery features.

Platform-Specific Storage Media Behavior

Use Feature Explorer to confirm platform and release support for specific features.

Use the following table to review platform-specific storage media behaviors for your platform:

Platform

Difference

SRX Series

  • SRX300, SRX320, SRX340 and SRX345 devices support eUSB disk (default; always present) and USB storage device (alternate).

  • SRX380 device supports internal SSD (default, always present) and USB storage device (alternate).

  • SRX300, SRX320, SRX340, SRX345, and SRX380 devices support auto-snapshot feature.

Related Documentation

arrow_backward PREVIOUS Installing Software on SRX Series Devices
NEXT arrow_forward Veriexec Overview
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top