Juniper SRX Commonly Used Commands

In the previous articles, we have studied the basics of Juniper SRX firewall, its architecture, installation, modes, security policies etc. Today, we will discuss the command line interface of Juniper SRX.

Commonly Used Commands: Juniper SRX

Here are some commonly used CLI commands for managing and configuring Juniper SRX devices:

Viewing System Information

show version:

Displays the Junos software version running on the device.

show system uptime:

Shows how long the device has been running since its last reboot.

show chassis hardware:

Provides hardware information such as model, serial number, and installed modules.

Interface Configuration and Status

show interfaces terse:

Displays brief information about all interfaces on the device.

show interfaces <interface-name>:

Shows detailed information about a specific interface.

show interfaces diagnostics optics <interface-name>:

Displays optical transceiver diagnostics information for a specific interface.

Routing and Forwarding Table

show route:

Shows the routing table.

show route forwarding-table:

Displays the forwarding table.

show route protocol <protocol-name>:

Shows routes learned via a specific routing protocol.

Security Policies and Zones

show security policies:

Displays security policies configured on the device.

show security zones:

Shows configured security zones and associated interfaces.

show security flow session:

Displays active sessions passing through the device.

NAT (Network Address Translation)

show security nat source:

Shows configured source NAT rules.

show security nat destination:

Displays configured destination NAT rules

VPN (Virtual Private Network)

show security ipsec security-associations:

Displays active IPsec security associations.

show security ike security-associations:

Shows active IKE (Internet Key Exchange) security associations.

show security ipsec vpn:

Displays configured IPsec VPNs.

System Logs and Monitoring

show log:

Displays system log messages.

show security flow session source-prefix <source-ip>:

Shows active sessions originating from a specific source IP address.

show security flow session destination-prefix <destination-ip>:

Shows active sessions destined to a specific destination IP address.

Packet Capture

monitor traffic interface <interface-name>:

Initiates packet capture on a specific interface.

monitor traffic interface <interface-name> extensive:

Initiates packet capture with more detailed information.

monitor traffic no-resolve:

Captures packets without resolving IP addresses to hostnames.

Commit and Rollback

commit:

Commits configuration changes to the device.

commit check:

Checks the configuration for syntax errors without committing.

commit full:

commit entire configuration

commit comment “{TEXT}”:

Add a comment after commit changes

rollback <rollback-number>:

Rolls back the configuration to a previous state.

rollback rescue:

Rollback the configuration to rescue point

Process Management

show system processes extensive:

Show processes

restart {process} gracefully:

Restart the process after all the present tasks have been completed

Miscellaneous

request system reboot:

Reboots the device.

request system storage cleanup:

Remove unwanted files

request support information:

Collects system information for troubleshooting purposes.

configure:

Enters configuration mode.

exit:

Exits configuration mode or the CLI.

Please Note:

These commands provide a basic overview of managing and configuring Juniper SRX devices via the CLI. The actual command syntax may vary depending on the Junos OS version and device model. It is advised to always refer to official documentation or consult with Juniper support for detailed information and assistance.

Continue Reading:

How to Configure Security Packet Capture on SRX?

How to configure SSL Forward Proxy on SRX?