Difference between revisions of "SRX notes"

From cpwiki.net
Check Point Professional Services
 
(3 intermediate revisions by one user not shown)
Line 1: Line 1:
 
junos  SRX notes
 
junos  SRX notes
 +
 +
show interface IPs
 +
> show interfaces terse | match inet
  
 
show rule / policy
 
show rule / policy
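Review bot: in the added "show interfaces terse | match inet" line, the pattern "inet" also matches "inet6" rows, so the listing mixes IPv4 and IPv6 addresses. Say so next to the command, or tighten the match if only IPv4 addresses are wanted.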
Line 21: Line 24:
 
       node0                  200        secondary      no      no   
 
       node0                  200        secondary      no      no   
 
       node1                  100        primary        no      no
 
       node1                  100        primary        no      no
 
show security rules
 
  ...?
 
  
 
add proxy arp
 
add proxy arp
Line 30: Line 30:
 
start unix shell
 
start unix shell
 
  > start shell user root  
 
  > start shell user root  
 +
 +
example new rule (in progress)
 +
 +
match > permit > insert
 +
 +
==VM download==
 +
 +
[https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL]
  
 
[[category:juniper]]
 
[[category:juniper]]
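Review bot: the added "example new rule (in progress)" section contains only "match > permit > insert" and no commands, so a reader cannot apply it as written. Either fill in the policy commands for each of the three steps or mark the section clearly as a TODO until it is finished.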

Latest revision as of 14:28, 20 June 2024

junos SRX notes

show interface IPs

> show interfaces terse | match inet

show rule / policy

# show security policies from-zone trust to-zone untrust policy <policy_name>

search address book for pre-defined objects

# show security zones security-zone untrust address-book | match "192.168.1.1"


monitoring traffic example

  monitor traffic matching "host 10.0.0.1" no-resolve interface reth0

show cluster status

 root@SRXfw> show chassis cluster status 
 Cluster ID: 1 
 Node                  Priority          Status    Preempt  Manual failover
 Redundancy group: 0 , Failover count: 0
     node0                   200         primary        no       no  
     node1                   100         secondary      no       no  
 Redundancy group: 1 , Failover count: 3
     node0                   200         secondary      no       no  
     node1                   100         primary        no       no
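
An added example (not part of the original notes): a small Python health check that parses the "show chassis cluster status" output above and flags redundancy groups whose primary is not the highest-priority node or whose failover count is non-zero. The function names are illustrative, and the embedded sample is the output shown in these notes.

```python
import re

# Sample: the "show chassis cluster status" output from these notes.
SAMPLE = """\
Cluster ID: 1
Node                  Priority          Status    Preempt  Manual failover
Redundancy group: 0 , Failover count: 0
    node0                   200         primary        no       no
    node1                   100         secondary      no       no
Redundancy group: 1 , Failover count: 3
    node0                   200         secondary      no       no
    node1                   100         primary        no       no
"""

RG_RE = re.compile(r"Redundancy group:\s*(\d+)\s*,\s*Failover count:\s*(\d+)")
NODE_RE = re.compile(r"^\s*(node\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_cluster_status(text):
    """Return {rg_id: {"failovers": int, "nodes": {name: {...}}}}."""
    groups, current = {}, None
    for line in text.splitlines():
        m = RG_RE.search(line)
        if m:
            current = groups.setdefault(
                int(m.group(1)), {"failovers": int(m.group(2)), "nodes": {}})
            continue
        m = NODE_RE.match(line)
        if m and current is not None:  # node rows belong to the last RG header
            name, prio, status, preempt, manual = m.groups()
            current["nodes"][name] = {"priority": int(prio), "status": status,
                                      "preempt": preempt, "manual": manual}
    return groups

def findings(groups):
    """Flag redundancy groups worth a closer look during a health check."""
    out = []
    for rg, info in sorted(groups.items()):
        nodes = info["nodes"]
        primaries = [n for n, d in nodes.items() if d["status"] == "primary"]
        if len(primaries) != 1:
            out.append((rg, "expected one primary, found %d" % len(primaries)))
            continue
        best = max(nodes, key=lambda n: nodes[n]["priority"])
        if primaries[0] != best:  # running on the lower-priority node
            out.append((rg, "primary is %s but %s has higher priority"
                        % (primaries[0], best)))
        if info["failovers"] > 0:
            out.append((rg, "failover count is %d" % info["failovers"]))
    return out
```

On the sample, redundancy group 1 is reported twice: it is primary on node1 although node0 has the higher priority, and it has failed over 3 times.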

add proxy arp

 set security nat proxy-arp interface reth0 address 192.168.1.1

start unix shell

> start shell user root 

example new rule (in progress)

match > permit > insert

VM download

https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL