Juniper SRX Commands

CONFIG COMMANDS

 

root# show | display set

 

FACTORY DEFAULTS

  1. Enter the load factory-default command.

root@host# load factory-default

  2. Use the set system root-authentication plain-text-password command to set a new root password for the device.

root@host# set system root-authentication plain-text-password

  3. Enter the root password, and enter it again for confirmation.

New password:

Retype new password:

 

Pasted from <http://kb.juniper.net/InfoCenter/index?page=content&id=KB15725>

 

 

UNTRUST - REMOTE MANAGEMENT

 

set system services web-management https system-generated-certificate

 

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https

 

 

SET STATIC IP ADDRESS, ROUTE

 

set interfaces ge-0/0/0 unit 0 family inet address 100.142.41.87/24

set routing-options static route 0.0.0.0/0 next-hop 100.142.41.100

 

RESTRICT REMOTE MANAGEMENT

set security zones security-zone untrust address-book address my-desk 100.142.41.84/32

set security zones security-zone junos-host address-book address SRX210 100.142.41.87/32

 

set security policies from-zone untrust to-zone junos-host policy managementconn match source-address my-desk

set security policies from-zone untrust to-zone junos-host policy managementconn match destination-address SRX210

set security policies from-zone untrust to-zone junos-host policy managementconn match application any

set security policies from-zone untrust to-zone junos-host policy managementconn then permit

set security policies from-zone untrust to-zone junos-host policy denyMgmt match source-address any

set security policies from-zone untrust to-zone junos-host policy denyMgmt match destination-address SRX210

set security policies from-zone untrust to-zone junos-host policy denyMgmt match application any

set security policies from-zone untrust to-zone junos-host policy denyMgmt then deny

set security policies from-zone untrust to-zone junos-host policy denyMgmt then log session-init

set security policies from-zone untrust to-zone junos-host policy denyMgmt then log session-close

set security policies from-zone untrust to-zone junos-host policy denyMgmt then count

 

REBOOT

root> request system reboot

 

RESCUE CONFIG

Create

root> request system configuration rescue save

Roll back

root# rollback rescue

root# commit

 

 

SYSTEM STORAGE DISK FULL

root# run show system storage

 

PORT FORWARDING

set security nat destination pool server22 address 192.168.1.2/32

set security nat destination pool server22 address port 22

set security nat destination rule-set nat-pf-example from interface ge-0/0/0.0

set security nat destination rule-set nat-pf-example rule port-forwarding match destination-address 100.142.41.87/32

set security nat destination rule-set nat-pf-example rule port-forwarding match destination-port 2022

set security nat destination rule-set nat-pf-example rule port-forwarding then destination-nat pool server22

 

set security zones security-zone trust address-book address linuxbox 192.168.1.2/32

set security zones security-zone untrust address-book address my-desk 100.142.41.84/32

set security zones security-zone untrust address-book address testwifi 153.250.138.30/32

 

set security policies from-zone untrust to-zone trust policy linuxssh match source-address my-desk

set security policies from-zone untrust to-zone trust policy linuxssh match source-address testwifi

set security policies from-zone untrust to-zone trust policy linuxssh match destination-address linuxbox

set security policies from-zone untrust to-zone trust policy linuxssh match application any

set security policies from-zone untrust to-zone trust policy linuxssh then permit

set security policies from-zone untrust to-zone trust policy linuxssh then log session-init
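
A check for the policies above, as an added example that is not part of the original notes: it reads show | display set output and reports permit policies from the untrust zone that match application any or source-address any. The function names are made up for this example, and the sample text is constructed from the policy lines on this page.

```python
# Added example: audit Junos `show | display set` output for permit policies
# from the untrust zone that match "any" application or source address.
MATCH_FIELDS = ("source-address", "destination-address", "application")
ACTIONS = ("permit", "deny", "reject")

# Constructed sample, copied from the policy lines in this page's sections.
SAMPLE = """\
set security policies from-zone untrust to-zone junos-host policy managementconn match source-address my-desk
set security policies from-zone untrust to-zone junos-host policy managementconn match destination-address SRX210
set security policies from-zone untrust to-zone junos-host policy managementconn match application any
set security policies from-zone untrust to-zone junos-host policy managementconn then permit
set security policies from-zone untrust to-zone junos-host policy denyMgmt match source-address any
set security policies from-zone untrust to-zone junos-host policy denyMgmt match application any
set security policies from-zone untrust to-zone junos-host policy denyMgmt then deny
set security policies from-zone untrust to-zone trust policy linuxssh match source-address my-desk
set security policies from-zone untrust to-zone trust policy linuxssh match source-address testwifi
set security policies from-zone untrust to-zone trust policy linuxssh match application any
set security policies from-zone untrust to-zone trust policy linuxssh then permit
set security policies from-zone untrust to-zone trust policy linuxssh then log session-init
"""

def parse_policies(config_text):
    """Group set-format policy lines into {(from_zone, to_zone, name): fields}."""
    policies = {}
    for line in config_text.splitlines():
        tok = line.split()
        # Shape: set security policies from-zone X to-zone Y policy NAME match|then ...
        if len(tok) < 11 or tok[:4] != ["set", "security", "policies", "from-zone"]:
            continue
        if tok[5] != "to-zone" or tok[7] != "policy":
            continue
        entry = policies.setdefault((tok[4], tok[6], tok[8]),
                                    dict({f: set() for f in MATCH_FIELDS}, action=None))
        if tok[9] == "match" and len(tok) >= 12 and tok[10] in MATCH_FIELDS:
            entry[tok[10]].add(tok[11])
        elif tok[9] == "then" and tok[10] in ACTIONS:
            entry["action"] = tok[10]  # "then log" and "then count" are ignored
    return policies

def audit(config_text, from_zone="untrust"):
    """Return (policy, field) pairs where a permit policy from from_zone matches 'any'."""
    findings = []
    for (src, _dst, name), entry in parse_policies(config_text).items():
        if src != from_zone or entry["action"] != "permit":
            continue
        for field in ("source-address", "application"):
            if "any" in entry[field]:
                findings.append((name, field))
    return findings

if __name__ == "__main__":
    for name, field in audit(SAMPLE):
        print(f"{name}: permit policy matches {field} any")
```

On this page's configuration it reports managementconn and linuxssh; matching a predefined application such as junos-https or junos-ssh instead of any clears the finding.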