Search the Site

 

Top
Blog

My Social
Services
Meta
Powered by Squarespace
« Dissecting SRX RT_FLOW Logs with Splunk | Main | Configure SSL Certificate for Juniper J-Web Interface »
Friday
Mar112011

Usefull Juniper SRX commands

DateFriday, March 11, 2011 at 11:27

This post contains several useful Junos SRX commands for the CLI. Mainly for myself, because I don't use those command regularly....

This post will be updated over time... Here it goes:

View session information:

root@srx100> show security flow session summary

Clear sessions through the firewall:

root@srx100> clear security flow session all

Switch to other node in a cluster via CLI (over the HA-link):

 root@srx100> request routing-engine login node 1

For High End devices, the command will be from shell:

% rlogin -Jk -T node1

View the config in set commands instead of the default hierarchy view:

root@srx100> show configuration | display set

Setting the correct logfile settings from the CLI (which is name-sensitive):

[edit]
root@srx100# set system syslog file policy_session user info
root@srx100# set system syslog file policy_session match RT_FLOW
root@srx100# set system syslog file policy_session archive size 1000k
root@srx100# set system syslog file policy_session archive world-readable
root@srx100# set system syslog file policy_session structured-data

Load the set commands through the CLI. After pasting them, use CTRL-D to end the insertion of commands. A commit is still needed to commit the changes.

root@srx100# load set terminal
root@srx100# <CTRL-D to end>
root@srx100# <paste the set commands>

Monitor activity from the CLI (assuming that you have configured the logging part):

root@srx100> monitor start policy_session

This will start scrolling the logging in real-time on the screen. To stop this, you need to enter the following (while your screen looks like a mess due to the scrolling log information):

root@srx100> monitor stop

Replace strings in your config (e.g. globally change an IP address which is used several times):

[edit]
root@srx100# replace pattern 192.168.0.1 with 192.168.1.1

View the changes before you commit the configuration:

[edit]
root@srx100# show | compare rollback 0

Save the rescue configuration (clearing the alarm LED on the device):

root@srx100> request system configuration rescue save

Restoring the rescue configuration:

[edit]
root@srx100# rollback rescue  
load complete

[edit]
root@srx100# commit

AuthorWillem | CommentPost a Comment |
tagged , , in ,

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
Alert
Comment Moderation Is Enabled
Thanks to your local Internet comment spammer, your comments will be screened before they will be displayed. We're sincerely sorry for the inconvenience, but we're sure that you'll understand. Happy commenting :-)

Notify me of follow-up comments via email.