Juniper SRX -- Concepts: Understand and explain the configuration management system
***********THIS ONE************
===================================================================================
https://www.juniper.net/documentation/en_US/junos12.1/topics/concept/junos-cli-operational-configuration-modes-switching-overview.html
Rene Juniper PPT
Type configure or edit to go into configuration mode; the prompt becomes user@host#
user@host> is Operational mode
To run operational mode commands in configuration mode, type run before the command (e.g. run show interfaces terse).
RUN UNIX SHELL
start shell
To move security policies
insert security policies from-zone A to-zone B policy NEW before policy OLD
***************
I messed up too much with the configuration and I don't know if it's safe to commit anymore! What can I do?
If you don't want to lose a lot of work: show | compare
It will show you the pending changes
If you just want to start from scratch: rollback 0
Similar to copy start run on Cisco
Or you just can exit the appliance and don't save when asked
***************
[Diagram: Customer networks, 192.168.47.5]
SRX A
set interfaces ge-1/2/0 unit 0 description A->B
set interfaces ge-1/2/0 unit 0 family inet address 172.16.1.1/24
set interfaces lo0 unit 57 family inet address 10.0.0.1/32
set interfaces lo0 unit 57 family inet address 10.0.0.2/32
set routing-options static route 192.168.47.0/24 next-hop 172.16.1.2
SRX B
set interfaces ge-1/2/0 unit 1 description B->A
set interfaces ge-1/2/0 unit 1 family inet address 172.16.1.2/24
set interfaces lo0 unit 2 family inet address 192.168.47.5/32
set interfaces lo0 unit 2 family inet address 192.168.47.6/32
set routing-options static route 0.0.0.0/0 next-hop 172.16.1.1
Show route
show routing-options
Juniper SRX -- Troubleshoot: Troubleshoot using log entries
===========================================================
http://kb.juniper.net/InfoCenter/index?page=content&id=KB15779&actp=search#Log_files_and_Syslog
Log Files
System messages can be viewed in the log files with the 'show log messages' command. Variations of the command are as follows:
Commands:
show log: List all Logfiles available
show log messages: Show Log File from beginning
show log messages | last: List last Log Messages
show log messages | match LOGIN: Search within the Log
monitor start <file>: Send Logs to terminal (like tail -f)
Logs play an important role in identifying and fixing troubles. In Juniper devices, there are different ways to configure logs. You can configure a Juniper device to send log messages to a log server in the network or within the device.
JunOS is the heart of Juniper devices and works just perfect. Today I will show you how to configure logs in Juniper SRX within the device.
Configure Logs in Juniper SRX
Possible traceoptions
Overview
For SRX High-End devices, security logs such as traffic and IDP logs are streamed through the traffic interface ports to a remote syslog server. You can configure security logs to be handled through the eventd process and sent with system logs.
SRX High-End devices do not send session logs to the Routing Engine (RE). Because system logging is performed on the RE, session or traffic logs cannot be written to the RE file system. Therefore, all traffic logging must be sent to a remote syslog server. Because fxp0 belongs to the RE, the remote syslog server must be reachable by an interface on an IOC. Traffic logging cannot be sent out through fxp0.
CLI Configuration
To send traffic (security policy) logs to a remote syslog server, you must configure the following:
Send security log messages to a remote syslog server.
commit
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21134&actp=search
They give nothing
============================================================================
Juniper
An SSH connection is established using the TACACS ID backups to the device's DRAC IP from the applicable DC's IP range on port 22
There are three phases to backing these devices up:
Version - show version to get the configuration
running-config - show configuration | display set
finalize - Perform a commit to save the configuration and then properly close the SSH connection.
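
Added example (not part of the original notes or of any Juniper tooling): one way to use the set-format backups described above is to diff two successive `show configuration | display set` captures off-box. It also flags a changed security policy order, which is what the `insert ... before policy` command earlier in these notes changes. The function names and both sample captures are constructed for illustration.

```python
import re

# Policy identity in a set-format security policy line.
POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+)")

def load(text):
    """Return the 'set ...' lines of a display-set capture, in file order."""
    return [s.strip() for s in text.splitlines() if s.strip().startswith("set ")]

def policy_order(lines):
    """Map (from-zone, to-zone) -> policy names in evaluation order."""
    order = {}
    for line in lines:
        m = POLICY_RE.match(line)
        if m:
            names = order.setdefault((m.group(1), m.group(2)), [])
            if m.group(3) not in names:
                names.append(m.group(3))
    return order

def diff_backups(old_text, new_text):
    """Return (added lines, removed lines, reordered zone pairs)."""
    old, new = load(old_text), load(new_text)
    old_set, new_set = set(old), set(new)
    added = [s for s in new if s not in old_set]
    removed = [s for s in old if s not in new_set]
    before, after = policy_order(old), policy_order(new)
    reordered = []
    for zones, names in after.items():
        prev = before.get(zones, [])
        # Compare only policies present in both captures, so an added or
        # deleted policy is not also reported as a reorder.
        if [n for n in names if n in prev] != [n for n in prev if n in names]:
            reordered.append(zones)
    return added, removed, reordered

# Constructed sample captures (not real device output).
OLD = """\
set routing-options static route 192.168.47.0/24 next-hop 172.16.1.2
set security policies from-zone A to-zone B policy OLD then permit
set security policies from-zone A to-zone B policy NEW then deny
"""
NEW = """\
set routing-options static route 192.168.47.0/24 next-hop 172.16.1.3
set security policies from-zone A to-zone B policy NEW then deny
set security policies from-zone A to-zone B policy OLD then permit
"""

if __name__ == "__main__":
    for label, items in zip(("added", "removed", "reordered"),
                            diff_backups(OLD, NEW)):
        print(label, items)
```

A plain line-by-line set comparison would miss the policy swap, because every policy line is present in both captures; only the order differs.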