Usefull Juniper SRX commands

This post contains several useful Junos SRX commands for the CLI. Mainly for myself, because I don't use those command regularly....

This post will be updated over time... Here it goes:

View session information:

root@srx100> show security flow session summary

Clear sessions through the firewall

root@srx100> clear security flow session all

Switch to other node in a cluster via CLI (over the HA-link):

root@srx100> request routing-engine login node 1

For High End devices, the command will be from shell:

% rlogin -Jk -T node1

View the config in set commands instead of the default hierarchy view:

root@srx100> show configuration | display set

Setting the correct logfile settings from the CLI (which is name-sensitive):

[edit]
root@srx100# set system syslog file policy_session user info
root@srx100# set system syslog file policy_session match RT_FLOW
root@srx100# set system syslog file policy_session archive size 1000k
root@srx100# set system syslog file policy_session archive world-readable
root@srx100# set system syslog file policy_session structured-data

Load the set commands through the CLI. After pasting them, use CTRL-D to end the insertion of commands. A commit is still needed to commit the changes.

root@srx100# load set terminal
root@srx100# <CTRL-D to end>
root@srx100# <paste the set commands>

Monitor activity from the CLI (assuming that you have configured the logging part):

root@srx100> monitor start policy_session

This will start scrolling the logging in real-time on the screen. To stop this, you need to enter the following (while your screen looks like a mess due to the scrolling log information):

root@srx100> monitor stop

Replace strings (CaSe-SensiTive) in your config (e.g. globally change an IP address which is used several times):

root@srx100# replace pattern 192.168.0.1 with 192.168.1.1

View the changes before you commit the configuration:

root@srx100# show | compare rollback 0

Save the rescue configuration (clearing the alarm LED on the device):

root@srx100> request system configuration rescue save

Restoring the rescue configuration:

[edit]
root@srx100# rollback rescue
load complete

[edit]
root@srx100# commit

Show the users logged in to the firewall (configuration): 

root@srx100> show system users no-resolve 
--------------------------------------------------------------------------
2:36PM up 2 days, 22:36, 2 users, load averages: 0.17, 0.33, 0.36
USER TTY FROM LOGIN@ IDLE WHAT
root p0 10.0.0.8 1:16PM - -cli (cli)
root jweb1 10.0.0.8 1:07PM 1

root@srx100>

Kick a logged in user from the CLI:

root@srx100> request system logout terminal jweb1

root@srx100> show system users no-resolve
--------------------------------------------------------------------------
2:36PM up 2 days, 22:36, 2 users, load averages: 0.17, 0.33, 0.36
USER TTY FROM LOGIN@ IDLE WHAT
root p0 10.0.0.8 1:16PM - -cli (cli)

root@srx100>
Posted on March 11, 2011 and filed under Security, Tips'n Tricks, Junos.