I downloaded the TFTP server for Windows from Solar Winds, it is free to use. Copy the new firmware to the default path of the TFTP server, which is c:\TFTP-Root.

Follow the instructions to upgrade via CLI below. This is an excerpt from Junipers knowledge base.

How to upgrade or downgrade ScreenOS using either the WebUI or CLI

Synopsis:

Steps to upgrade or downgrade ScreenOS from the WebUI and CLI

Problem:

Basic steps for upgrading or downgrading ScreenOS

Solution:

Below is the basic guideline for the upgrading or downgrading ScreenOS. For a complete guide, including requirements and restrictions, consult the Migration Procedure section in the ScreenOS release notes (for ScreenOS 5.3 and 5.4) or the ScreenOS Migration Guide (for ScreenOS 5.2 and earlier).

Upgrading / Downgrading from the WebUI
( click here for CLI instructions )

Perform the following steps to upgrade the firmware using the WebUI:

Save Configuration file

Caution! Before upgrading or downgrading a security device, save the existing configuration file to avoid losing any data.

Log in to the security device by opening a Web browser and then entering the Management IP address in the Address field. Log in as the root admin or an admin with read-write privileges.

Save the existing configuration:
Go to Configuration > Update > Config File, and then click Save to File
In the File Download dialog box, click Save.
Navigate to the location where you want to save the configuration file (cfg.txt), and then click Save.
Upgrading or downgrading Firmware

Go to Configuration > Update > ScreenOS/Keys and select Firmware Update.

Click Browse to navigate to the location of the firmware “xxxxx.5.0.0r10’
(where xxxx corresponds to the device model) or type the path to its location in the Load File field.

Click Apply.

Click OK to continue.
The security device restarts automatically. The upgrade or downgrade is complete when the device displays the login page in the browser.
Note: This process takes some time. DO NOT click Cancel or the upgrade /downgrade will fail. If you click Cancel and the upgrade fails, power off the device and then power it on again. Restart the upgrade procedure from step 2.

Log in to the security device. You can verify the version of the security device ScreenOS firmware in the Device Information section of the WebUI Home page.
Upgrading to the New ScreenOS Firmware

Go to Configuration > Update > ScreenOS/Keys and select Firmware Update.

Click Browse to navigate to the location of the new ScreenOS firmware or type the path to its location in the Load File field.

Click Apply.
A message box appears with information.

Click OK to continue.
The security device restarts automatically. The upgrade is complete when the device displays the login page in the browser.

Log in to the security device. You can verify the version of the security device ScreenOS firmware in the Device Information section of the WebUI Home page.

Upgrading/Downgrading from the CLI
Perform the following steps to upgrade or downgrade the firmware using the CLI:

Make sure that you have the ScreenOS firmware “xxxx.5.0.0r10” (where xxxx corresponds to the device model).

Run the TFTP server on your computer by double-clicking on the TFTP server application.

Log in to the security device using an application such as Telnet or Secure Shell (SSH) or Hyper Terminal if directly connected through the console port. Log in as the root admin or an admin with read-write privileges.

Save the existing configuration by executing the command:
save config to { flash | slot1 | tftp }…

On the security device, enter the following command:
save soft from tftp ip_addr filename to flash
where:
ip_addr is the IP address of your computer
filename is the name of the ScreenOS firmware.

When the upgrade or downgrade is complete, you must reset the security device.
Execute the reset command and enter y at the prompt to reset the device.

Wait a few minutes, and then log in to the security device again.

Use the get system command to verify the version of the security device ScreenOS firmware.

Upload the configuration file that you saved in step 3 by executing the command:
save config to { flash | slot1 | tftp }…
Note: when downgrading from major release you might have to run exec downgrade command before reset. Please check the Migration Guide for details.

There are many ways to achieve this, NAT, VIP, MIP etc. In this article I will explain NAT (natting) on a Cisco PIX, ASA or router.

First you need to log onto the firewall or router. Enter en (enable) to get into the privilege mode, you will then be prompted for the password. Enter Config T to get into the configure terminal mode. You can now start confguring the network appliance.

Below is what your should see in the running config after you complete the configuration.

static (inside,outside) 172.210.10.10 11.12.13.10 netmask 255.255.255.255 0 0

The above line means that the IP address 172.210.10.10 (outside interface) is mapped to 11.12.13.10 (inside interface). Clients in the outside interface will connect to resources on 11.12.13.10 by referencing the natted (NAT) IP 172.210.10.10.

You also need to configure the access list or policy to allow traffic from the outside interface to flow into the inside interface. The access list then needs to be applied to the outside intefrace.

access-list Allowed_Traffic permit tcp host any host 172.210.10.10 eq www log

The above means that the name of the access list is Allowed_Traffic. Permit TCP traffic from any host to 172.210.10.10, only allow if service request is for www (TCP port 80), and log all traffic.

You then need to apply the access list to the outside interface.

access-group Allowed_Traffic in interface outside

22 Secure Shell, SSH
23 Telnet
80 http
443 https
161 SNMP
3668 Virtual Media Server
5900 Console Redirection
5901 Console Redirection

If you have a firewall in between you and the server, ensure that you have the above ports opened.

At the scheduled 1 a.m. eatern time, I dialed into the conference bridge and connected with 3 other parties.  This was a new circuit we were trying to implement from Phoenix to New Jersey.  I am in Toronto, Ontario and the rest of the people were in the US.  The circuit was a frame-relay circuit, CIR of 64k and burstable to 128k, good old reliable frame-relay but pain in the behind to implement and configure.

Anyhow, what I really wanted to discuss here is NAT (network address translation).  NAT hides the real source of IP address and converts it to a different IP.  For excample if you have multiple computers that want to share one single internet connection, you can do this with NAT.  Your ISP assigns you one public IP, but you have more than one computer that accesses the internet.  You will need to purchase a router to share the internet connection, if you do not have a router there are other ways to do this as well. 

How does NAT work?  Well in the above example, say computer A is 10.0.0.2 and computer B is 10.0.0.3.  The router is connected to the internet and has a public ip of 70.64.238.1.  When computer A accessing www.cupidpost.com, via the router, the router will translate the ip address 10.0.0.2 to 70.64.238.1 and direct the connection to www.cupidpost.com.  If computer B accessing the internet at the same time a computer A, the router will translate the IP 10.0.0.3 to 70.64.238.1 as well.