반응형
Juniper Firewall TroubleShooting Command
-. 주니퍼 방화벽 장비를 사용하는데 있어 사용되는 ScreenOS 명령어 입니다.
문제 발생시에 사용되는 명령어로써 장비 정보확인을 하는데 있어 기본/유용한
명령어 입니다.
---------------------------------------------------------------------------
Trouble Shooting Command for Juniper Firewalls (ScreenOS)
| SCREENOS | NOTES |
|---|---|
| Session & Interface counters | |
| get session | |
| get interface | |
| get counter stat | |
| get couter stat <interface> | |
| clear counter stat | |
| Debug & Snoop | |
| debug flow basic | creates debugs in detail file name : /var/log/security-trace more info-debug flow basic |
| set ff | Packet-drop is a feature that will be added |
| get ff | |
| get debug | |
| get db stream | monitor stop' stops real-time view , but debugs are still collected in log files |
| clear db | Use 'file delete <filename> to actually delete file> |
| undebug <debug> (stops collecting debugs) | Deactivate makes it easier to enable/disable. Use activate traceoptions to activate. |
| undebug all | |
| debug ike detail | creates debugs in default file name: kmd |
| snoop (packets THRU the JUNOS device) | Not supported on SRX 3x00/5x00 yet |
| snoop (packets TO the JUNOS device) | Only captures traffic destined for the RE of router itself. Excludes PING . |
| Event Logs | |
| get event | |
|
Note: There is not an equivalent command for 'get event include <string>'. match displays only the lines that contains the string find displays output starting from the first occurrence of the string |
| clear event | |
| Config & Software upgrade | |
| get config | |
| get license | |
| get chassis (serial numbers) | show chas environment show chas routing-engine |
| unset all | more info-unset all |
| reset | |
| load config from tftp <tftp_server><configfile> | TFTP is not supported. USE only FTP.HTTP or SCP |
| load software from tftp <tftp_server><screenosimage> to flash | TFTP is not supported. USE only FTP.HTTP or SCP Use 'request system software rollback' to rollback to previous s/w package |
| save | |
| reset | |
| Policy | |
| get policy | |
| get policy from <zone> to <zone> | |
| VPN | |
| get ike cookie | |
| get sa | |
| clear ike cookie | |
| clear sa | |
| NSRP | |
| get nsrp | |
| exec nsrp vsd <vsd> mode backup (on master) see KB5885 | |
| DHCP | |
| get dhcp client | |
| exec dhcp client <int> renew | |
| Routing | |
| get route | |
| get route ip <ipaddress> | |
| get vr untrust-vr route | |
| get ospf nei | |
| set route 0.0.0.0/0 int <int> gateway <ip> | |
| NAT | |
| get vip | |
| get mip | |
| get dip | |
| Others | |
| get perf cpu | |
| get net-pak s | |
| get file | |
| get alg | |
| get service | |
| get tech | |
| set console page 0 |
반응형
'업무이야기 > Firewall' 카테고리의 다른 글
| NSRP Monitor Track IP Configuration Examples (0) | 2011.11.17 |
|---|---|
| Juniper Firewall Transparent mode config (Example) (0) | 2011.11.04 |
| Juniper ISG Series Integrated Security Gateways (0) | 2011.09.27 |
| Juniper Netscreen 204... (0) | 2011.08.19 |
| Juniper ISG 2000 (0) | 2011.07.31 |
