Difference between revisions of "SRX notes"
From cpwiki.net
(Pushed from Themanclub.) |
(5 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
junos SRX notes | junos SRX notes | ||
+ | |||
+ | show interface IPs | ||
+ | > show interfaces terse | match inet | ||
+ | |||
+ | show rule / policy | ||
+ | # show security policies from-zone trust to-zone untrust policy <policy_name> | ||
+ | |||
+ | search address book for pre-defined objects | ||
+ | # show security zones security-zone untrust address-book | match "192.168.1.1" | ||
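Review bot: the added lookups mix the `>` and `#` prompts without saying which mode each is typed in. The policy and address-book lines carry `#`, which implies configuration mode, while the interface line carries `>`. Suggest one line stating that `>` is operational mode and `#` is configuration mode, so the policy and address-book entries are not pasted at the wrong prompt.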
Line 15: | Line 24: | ||
node0 200 secondary no no | node0 200 secondary no no | ||
node1 100 primary no no | node1 100 primary no no | ||
− | |||
− | |||
− | |||
add proxy arp | add proxy arp | ||
set security nat proxy-arp interface reth0 address 192.168.1.1 | set security nat proxy-arp interface reth0 address 192.168.1.1 | ||
+ | |||
+ | start unix shell | ||
+ | > start shell user root | ||
+ | |||
+ | example new rule (in progress) | ||
+ | |||
+ | match > permit > insert | ||
+ | |||
+ | ==VM download== | ||
+ | |||
+ | [https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL] | ||
[[category:juniper]] | [[category:juniper]] |
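Review bot: the "example new rule (in progress)" entry added in this hunk contains only "match > permit > insert" and no commands, unlike the proxy-arp and shell entries next to it, which give the exact line to type. Suggest either adding the policy lines for each of the three steps or leaving the entry out until it is complete. It would also help to give the "start shell user root" entry one line on when root shell access is needed, since the rest of the page works from the CLI.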
Latest revision as of 14:28, 20 June 2024
junos SRX notes
show interface IPs
> show interfaces terse | match inet
show rule / policy
# show security policies from-zone trust to-zone untrust policy <policy_name>
search address book for pre-defined objects
# show security zones security-zone untrust address-book | match "192.168.1.1"
monitoring traffic example
monitor traffic matching "host 10.0.0.1" no-resolve interface reth0
show cluster status
root@SRXfw> show chassis cluster status
Cluster ID: 1
Node      Priority    Status       Preempt    Manual failover

Redundancy group: 0 , Failover count: 0
node0     200         primary      no         no
node1     100         secondary    no         no

Redundancy group: 1 , Failover count: 3
node0     200         secondary    no         no
node1     100         primary      no         no
add proxy arp
set security nat proxy-arp interface reth0 address 192.168.1.1
start unix shell
> start shell user root
example new rule (in progress)
match > permit > insert
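One way the match > permit > insert sequence can look in configuration mode, as an added example that is not part of the original notes. The names WEB-SRV, ALLOW-WEB and DENY-ALL are placeholders, DENY-ALL is assumed to be an existing policy, and the `#` lines are annotations for the reader.

```junos
# Added example: all object and policy names below are placeholders.
# Enter configuration mode from the operational prompt.
configure

# Address-book object in the destination zone (zone-attached address book,
# matching the lookup command used earlier on this page).
set security zones security-zone untrust address-book address WEB-SRV 192.168.1.1/32

# 1. match: source, destination and application are all required.
set security policies from-zone trust to-zone untrust policy ALLOW-WEB match source-address any
set security policies from-zone trust to-zone untrust policy ALLOW-WEB match destination-address WEB-SRV
set security policies from-zone trust to-zone untrust policy ALLOW-WEB match application junos-https

# 2. permit: the action, plus session logging so the rule can be audited.
set security policies from-zone trust to-zone untrust policy ALLOW-WEB then permit
set security policies from-zone trust to-zone untrust policy ALLOW-WEB then log session-close

# 3. insert: new policies are appended last and evaluation is first-match,
#    so move the rule above the assumed existing deny policy.
insert security policies from-zone trust to-zone untrust policy ALLOW-WEB before policy DENY-ALL

# Review the candidate change, validate it, then commit with automatic
# rollback after 5 minutes unless a plain commit confirms it.
show | compare
commit check
commit confirmed 5
commit
```

Policies in a zone pair are evaluated top down and the first match wins, which is why the insert step matters: a permit rule left below a broader deny never takes effect.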
VM download
https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL