ScreenOS | JUNOS | Notes |
Session & Interface counters | | |
get session | > show security flow session | |
get interface | > show interface terse | |
get counter stat get counter stat <interface> | > show interface extensive > show interface <interface> extensive | |
clear counter stat | > clear interface statistics <interface> | |
Debug & Snoop | | |
debug flow basic | # edit security flow # set traceoptions flag basic-datapath # commit | -creates debugs in default file name: /var/log/security-trace. See KB16108 for traceoptions info. |
set ff | # edit security flow # set traceoptions packet-filter | Packet-drop is a feature that will be added |
get ff | > show configuration | match packet-filter | display set | |
get debug | > show configuration | match traceoptions | display set | |
get db stream | View stored log: (recommended option) > show log <file name> (enter h to see help options) > show log security-trace (to view 'security flow' debugs) > show log kmd (to view 'security ike' debugs) View real-time: (use this option with caution) > monitor start <debugfilename> ESC-Q (to pause real-time output to screen) | 'monitor stop' stops real-time view, but debugs are still collected in log files |
clear db | > clear log <filename> (clears contents of file) | Use 'file delete <filename>' to actually delete the file |
undebug <debug> (stops collecting debugs) | # edit security flow # deactivate traceoptions OR # delete traceoptions (at the particular hierarchy) # commit | Deactivate makes it easier to enable/disable. Use activate traceoptions to activate. |
undebug all | Not available. You need to deactivate or delete traceoptions separately. | |
debug ike detail | # edit security ike # set traceoptions flag ike # commit | -creates debugs in default file name: kmd |
snoop (packets THRU the JUNOS device) | Use Packet Capture feature: http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-admin-guide/config-pcap-chapter.html#config-pcap-chapter | - Not supported on SRX 3x00/5x00 yet |
snoop (packets TO the JUNOS device) | > monitor traffic interface <int> layer2-headers write-file option (hidden) read-file (hidden) | - Only captures traffic destined for the RE of router itself. - Excludes PING. |
Event Logs | | |
get event | > show log messages > show log messages | last 20 (helpful cmd because newest log entries are at end of file) | |
get event | include <string> | > show log messages | match <string> > show log messages | match "<string> | <string> | <string>" Examples: > show log messages | match "error | kernel | panic" > show log messages | last 20 | find error | Note: There is no equivalent command for 'get event include <string>'. match displays only the lines that contain the string; find displays output starting from the first occurrence of the string. |
clear event | > clear log messages | |
| > show log | |
Config & Software upgrade | | |
get config | > show config (program structured format) > show config | display set (set command format) | |
get license | > show system license keys | |
get chassis (serial numbers) | > show chassis hardware detail | > show chas environment > show chas routing-engine |
exec license | > request system license [add | delete | save] | |
unset all reset | # load factory-default # set system root-authentication plain-text-password # commit and-quit > request system reboot | See KB15725. |
load config from tftp <tftp_server> <configfile> | > start shell and FTP config to router, i.e. /var/tmp/test.cfg. Then # load override /var/tmp/test.cfg (or full path of config file) | -TFTP is not supported. Use only FTP, HTTP, or SCP. |
load software from tftp <tftp_server> <screenosimage> to flash | > request system software add Example: request system software add ftp://10.10.10.129/jsr/junos-srxsme-9.5R1.8-domestic.tgz reboot | -TFTP is not supported. Use only FTP, HTTP, or SCP. -Use 'request system software rollback' to roll back to the previous s/w package. See KB16652. |
save | # commit OR # commit and-quit | |
reset | > request system reboot | |
Policy | | |
get policy | > show security policies | |
get policy from <zone> to <zone> | > show security policies from <zone> to <zone> | |
VPN | | |
get ike cookie | > show security ike security-associations | |
get sa | > show security ipsec security-associations | > show security ipsec stat |
clear ike cookie | > clear security ike security-associations | |
clear sa | > clear security ipsec security-associations | |
NSRP | | |
get nsrp | > show chassis cluster status > show chassis cluster interfaces > show chassis cluster status redundancy-group <group> | |
exec nsrp vsd <vsd> mode backup (on master) see KB5885 | > request chassis cluster failover redundancy-group <group> node <node> | |
| > request chassis cluster failover reset redundancy-group <group> | |
DHCP | | |
get dhcp client | > show system services dhcp client | See KB15753. |
exec dhcp client <int> renew | > request system services dhcp renew (or release) | |
Routing | | |
get route | > show route | |
get route ip <ipaddress> | > show route <ipaddress> | |
get vr untrust-vr route | > show route instance untrust-vr | |
get ospf nei | > show ospf neighbor | |
set route 0.0.0.0/0 interface <int> gateway <ip> | # set routing-options static route 0.0.0.0/0 next-hop <ip> | See KB16572. |
NAT | | |
get vip | > show security nat destination-nat summary | |
get mip | > show security nat static-nat summary | |
get dip | > show security nat source-nat summary > show security nat source-nat pool <pool> | |
Other | | |
get perf cpu | > show chassis routing-engine | |
get net-pak s | > show system buffers | |
get file | > show system storage | |
get alg | > show configuration groups junos-defaults applications | All pre-defined applications are located within the hidden group junos-defaults. If any ALGs are applied to the pre-defined applications, they will also be displayed with this command. |
get service | > show configuration groups junos-defaults applications | |
get tech | > request support information | |
set console page 0 | > set cli screen-length 0 | |
| | |
| > file list <path> Example: file list /var/tmp/ | Shows directory listing. Note that / is needed at end of path |
| | |
| # = configuration mode prompt | |
| > = operational mode prompt | |