Here is a basic reference sheet for looking up equivalent commands
between a Cisco ASA and a Juniper ScreenOS (or Netscreen) SSG and a
Juniper JunOS SRX firewall.

Additional reading material regarding Juniper SSG and ScreenOS commands:
http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/index.html

| Cisco ASA | Juniper ScreenOS (SSG) | Juniper JunOS (SRX) |
|---|---|---|
| show log | get event | show log messages<br>show log messages \| last 20 (see the 20 most recent logs) |
| show ip | get interface | show interface terse |
| show failover | get nsrp | show chassis cluster status |
| no failover active | exec nsrp vsd [vsd] mode backup | request chassis cluster failover redundancy-group [group] node |
| show route | get route | show route |
| show connections | get session | show security flow session |
| show clock | get clock | show system uptime |
| show version (to get uptime) | get system | show system uptime |
| show running-config | get config | show config |
| show version (to get serial number) | get chassis | show chassis hardware detail |
| show access-list | get policy | show security policies |
| show crypto isakmp sa | get ike cookie | show security ike security-associations |
| show crypto ipsec sa | get sa | show security ipsec security-associations |
| clear crypto isakmp sa | clear ike cookie | clear security ike security-associations |
| clear crypto ipsec sa | clear sa | clear security ipsec security-associations |
| show cpu | get perf cpu | show chassis routing-engine |
| show proc cpu-usage | | show system processes extensive |
| show int (for i/o of bytes) | get counter statistics | |
| ssh x.x.x.0 y.y.y.0 inside | set admin manager-ip x.x.x.0 y.y.y.0<br>set ssh enable | |
| show run [cry isakmp\|tunnel-group]? | get ike gateway | |
| interface Ethernet1<br>shutdown | set interface ethernet0/0 phy link-down | |
| interface Ethernet1<br>no shutdown | unset interface ethernet0/0 phy link-down | |
| show failover | get nsrp | |
| route outside 1.1.1.0 255.255.255.0 1.1.1.2 | set route 1.1.1.0/24 interface bgroup3/0 gateway 1.1.1.2 | |
| logging host INSIDE 1.1.1.1<br>logging trap notification | set syslog config 172.16.200.200 facilities local5<br>set syslog src-interface ethernet1/0<br>set syslog enable | |
| ntp server 1.1.1.1 source OUTSIDE | set ntp server 1.1.1.1<br>set ntp server src-interface ethernet3/0<br>set clock ntp<br>exec ntp update | |
| capture CAP1 match ip host 1.1.1.1 host 2.2.2.2 | clear db<br>set console dbuf<br>set ffilter src-ip 1.1.1.1 dst-ip 2.2.2.2<br>debug flow basic<br>— OR —<br>snoop filter ip src-ip 1.1.1.1 dst-ip 2.2.2.2 direction both<br>clear dbuf<br>snoop | edit security flow traceoptions<br>set file TSHOOT<br>set flag basic-datapath<br>set packet-filter IN-TO-OUT source-prefix 10.1.1.100/32 destination-prefix 10.2.0.3/32 |
| show capture CAP1 | get dbuf stream | show log TSHOOT |
| clear capture CAP1 | undebug all<br>unset ffilter<br>— OR —<br>snoop filter delete | deactivate security flow traceoptions<br>delete security flow traceoptions |