Juniper Firewall TroubleShooting Command
-. These are ScreenOS commands used when operating Juniper firewall appliances.
They are basic, useful commands for checking device information
when a problem occurs.
---------------------------------------------------------------------------
Trouble Shooting Command for Juniper Firewalls (ScreenOS)
SCREENOS | NOTES |
---|---|
Session & Interface counters | |
get session | |
get interface | |
get counter stat | |
get counter stat <interface> | |
clear counter stat | |
Debug & Snoop | |
debug flow basic | creates debugs in default file name: /var/log/security-trace (more info: debug flow basic) |
set ff | Packet-drop is a feature that will be added |
get ff | |
get debug | |
get db stream | 'monitor stop' stops real-time view, but debugs are still collected in log files |
clear db | Use 'file delete <filename>' to actually delete the file |
undebug <debug> (stops collecting debugs) | Deactivate makes it easier to enable/disable. Use activate traceoptions to activate. |
undebug all | |
debug ike detail | creates debugs in default file name: kmd |
snoop (packets THRU the JUNOS device) | Not supported on SRX 3x00/5x00 yet |
snoop (packets TO the JUNOS device) | Only captures traffic destined for the RE of the router itself. Excludes PING. |
Event Logs | |
get event | |
| Note: There is not an equivalent command for 'get event include <string>'. 'match' displays only the lines that contain the string; 'find' displays output starting from the first occurrence of the string. |
clear event | |
Config & Software upgrade | |
get config | |
get license | |
get chassis (serial numbers) | show chas environment; show chas routing-engine |
unset all | more info: unset all |
reset | |
load config from tftp <tftp_server><configfile> | TFTP is not supported. Use only FTP, HTTP or SCP. |
load software from tftp <tftp_server><screenosimage> to flash | TFTP is not supported. Use only FTP, HTTP or SCP. Use 'request system software rollback' to roll back to the previous s/w package. |
save | |
reset | |
Policy | |
get policy | |
get policy from <zone> to <zone> | |
VPN | |
get ike cookie | |
get sa | |
clear ike cookie | |
clear sa | |
NSRP | |
get nsrp | |
exec nsrp vsd <vsd> mode backup (on master) see KB5885 | |
DHCP | |
get dhcp client | |
exec dhcp client <int> renew | |
Routing | |
get route | |
get route ip <ipaddress> | |
get vr untrust-vr route | |
get ospf nei | |
set route 0.0.0.0/0 int <int> gateway <ip> | |
NAT | |
get vip | |
get mip | |
get dip | |
Others | |
get perf cpu | |
get net-pak s | |
get file | |
get alg | |
get service | |
get tech | |
set console page 0 | |