Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

SRX

paging

set cli screen-length 0

Policy Searching

> show config (program structured format)
> show config | display set (set command format)
> show config | display set | match >something<

Save Config

# commit OR
# commit and-quit

Reboot

> request system reboot

Licenses

> show system license keys

Test

ping <dest> routing-instance <source zone> <ip>
show security policies hit-count

shows

show configuration | display set| match gcp
show configuration security policies | display set | match <port,range,app>
show configuration applications 
show configuration security policies from-zone <zone> to-zone <zone>
show configuration security address-book global

Routing

> show route
> show route <ip>
> show route table <zone> <ip>
> show config routing instances
> show route 10.3.1.50 table omes.pan
> show route instance untrust-vr
> show ospf neighbor
# set routing-options static route 0.0.0.0/0 next-hop ip

Traceroute

traceroute routing-instance

Interfaces

show config interfaces lo0.1

show BGP routes

show route table bgp.l3vpn.0 | match <ip>
show bgp group instance dhs.data

import export must have reject statment

load override

> start shell and FTP config to router, i.e. /var/tmp/test.cfg. Then
# load override /var/tmp/test.cfg (or full path of config file)

request system software add

request system software add ftp:10.10.10.129/jsr/junos-srxsme-9.5R1.8-domestic.tgz reboot

Hardware

> show chassis hardware detail no-forwarding
> show chas environment
> show chas routing-engine

RMA

https://support.juniper.net/support/rma-procedure/

VPN

show configuration security ipsec vpn

Zones

show configuration security zones security-zone <zone> 
show interface <interface port>
show route <ip> table <ip address/cidr> 
show configuration security zones security-zone <zone> address-set <address>
show configuration security address-book global address-set address

SSG

get route ip <ip>
get itnerface <interface>

create protocol

set application application application <app> protocol <proto type>
set application application <app> destination-port <port3>

create object

set security address-book global address <object name> description "bleh"
set security address-book global address <object name> <ip>

delete

delete security policies from-zone <sourcezone> to-zone <destzone> policy <rulename>

move

imsert security policies from-zone <sourcez> to-zone <destzone> policy <rulename> before policy <rulename2>

add addressbook to group

set security address-book global address net <ip> description ""
set security address-book global address net-<ip> description ""
set security address-book global address-set <group address net-<ip>

zone based group

for addresses in zone based addressed group

set security zones security-zone <szone address-book address <object> <ip>

show security flow

show security flow session source-prefex <ip> destination-prefex <ip2>