Operation | Command |
---|---|
show zone | `> show security zones`<br>`# run show security zones` |
show policy | `> show security policies`<br>`> show configuration security policies \| display set`<br>`# show \| display set \| no-more \| match policy`<br>`# run show security policies`<br>`# run show security policies from ZONE to ZONE` |
show default application | `# show groups junos-defaults applications`<br>`# show groups junos-defaults applications \| display set \| match XXXX`<br>`# show groups junos-defaults applications \| find XXXX` |
show policies hit count | `> show security policies hit-count` |
Clear policies hit count | `> clear security policies hit-count` |

```
root> configure
root# set security zones security-zone Trust interfaces reth0.0
root# set security zones security-zone Untrust interfaces reth1.0
root# show | compare
root# commit check
root# commit
```

```
# set security zones security-zone TRUST address-book address NW1 192.168.10.0/24
```

or

```
# set security address-book TRUST-NW address NW1 192.168.10.0/24
# set security address-book TRUST-NW attach zone TRUST
```

```
set security zones security-zone untrust address-book address test-01 xx.xx.xx.xx/32
set security zones security-zone untrust address-book address test-02 xx.xx.xx.xx/32
set security zones security-zone untrust address-book address-set test address test-01
set security zones security-zone untrust address-book address-set test address test-02
```

```
# set applications application test9999 protocol tcp
# set applications application test9999 source-port 0-65535
# set applications application test9999 destination-port 9999
```

```
# set security zones security-zone DMZ address-book address test-server1 100.100.100.11/32
# set security policies from-zone untrust to-zone DMZ policy 030102013 match source-address any
# set security policies from-zone untrust to-zone DMZ policy 030102013 match destination-address test-server1
# set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-http junos-https
# set security policies from-zone untrust to-zone DMZ policy 030102013 then permit
# set security policies from-zone untrust to-zone DMZ policy 030102013 then log session-init
```

```
# edit security policies from-zone UNTRUST to-zone TRUST
# set policy UNTRUST2TRUST match source-address any
# set policy UNTRUST2TRUST match destination-address NW1
# set policy UNTRUST2TRUST match application junos-https junos-http
# set policy UNTRUST2TRUST then permit
# set policy UNTRUST2TRUST then count
# show
```

```
# edit security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST
# set match source-address any
# set match destination-address NW1
# set match application junos-https junos-http
# set then permit
# set then count
# show
```

```
# insert security policies from-zone untrust to-zone DMZ policy XXXX before policy XXXXX
```

```
# edit security policies from-zone untrust to-zone DMZ
# insert policy 10 before policy 6
```

add smtp

```
# set security policies from-zone untrust to-zone DMZ policy 03102013 match application junos-smtp
```

remove https

```
# delete security policies from-zone untrust to-zone DMZ policy 03102013 match application junos-https
```

```
# delete security policies from-zone untrust to-zone DMZ policy 03102013
```

```
# edit security policies from-zone untrust to-zone DMZ
# deactivate policy 10
# activate policy 10
```

```
> show security flow session summary
> show security flow session
> show security flow session source-prefix x.x.x.x
```

```
> clear security flow session all
> show security flow session source-prefix x.x.x.x destination-prefix x.x.x.x
> clear security flow session source-prefix x.x.x.x
```

Juniper Junos CLI Commands(SRX/QFX/EX)