Difference between revisions of "SRX notes"

From cpwiki.net
Check Point Profressional Services
(Pushed from Themanclub.)
 
(4 intermediate revisions by one user not shown)
Line 1: Line 1:
 
junos  SRX notes
 
junos  SRX notes
 +
 +
show rule / policy
 +
# show security policies from-zone trust to-zone untrust policy <policy_name>
 +
 +
search address book for pre-defined objects
 +
#  show security zones security-zone untrust address-book | match "192.168.1.1"
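Review bot: the heading "search address book for pre-defined objects" promises more than the added command covers, because the command names security-zone untrust and so only searches that one zone's address book. Suggest saying so in the heading, or noting that the zone name is to be replaced with the zone being searched. The "#" prefix on both added commands is also unexplained; one line stating which CLI mode it stands for would help.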
  
  
Line 15: Line 21:
 
       node0                  200        secondary      no      no   
 
       node0                  200        secondary      no      no   
 
       node1                  100        primary        no      no
 
       node1                  100        primary        no      no
 
show security rules
 
  ...?
 
  
 
add proxy arp
 
add proxy arp
 
   set security nat proxy-arp interface reth0 address 192.168.1.1
 
   set security nat proxy-arp interface reth0 address 192.168.1.1
 +
 +
start unix shell
 +
> start shell user root
 +
 +
example new rule (in progress)
 +
 +
match > permit > insert
 +
 +
==VM download==
 +
 +
[https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL]
  
 
[[category:juniper]]
 
[[category:juniper]]
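Review bot: the added "example new rule (in progress)" section contains only "match > permit > insert", which names the steps but gives no command a reader could type. Suggest filling in the command for each step, or holding the section back until it is ready. The new "> start shell user root" line also uses a ">" prompt, while the commands added in the first hunk use "#" and the existing "set security nat proxy-arp" line uses none, so the prompt convention should be made consistent across the page.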

Latest revision as of 19:41, 6 May 2021

junos SRX notes

show rule / policy

# show security policies from-zone trust to-zone untrust policy <policy_name>

search address book for pre-defined objects

#  show security zones security-zone untrust address-book | match "192.168.1.1"


monitoring traffic example

  monitor traffic matching "host 10.0.0.1" no-resolve interface reth0

show cluster status

 root@SRXfw> show chassis cluster status 
 Cluster ID: 1 
 Node                  Priority          Status    Preempt  Manual failover
 Redundancy group: 0 , Failover count: 0
     node0                   200         primary        no       no  
     node1                   100         secondary      no       no  
 Redundancy group: 1 , Failover count: 3
     node0                   200         secondary      no       no  
     node1                   100         primary        no       no

add proxy arp

 set security nat proxy-arp interface reth0 address 192.168.1.1

start unix shell

> start shell user root 

example new rule (in progress)

match > permit > insert
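
The match > permit > insert sequence above, written out as Junos configuration-mode commands. This is an added example, not part of the original notes: the policy names allow-web and deny-all and the address-book entry web-server are hypothetical (deny-all is assumed to already exist as the last policy), while the zones and 192.168.1.1 are reused from the commands earlier on this page.

```junos
# Added example, not from the original notes.
# Hypothetical names: allow-web, deny-all (assumed to exist), web-server.
# Zones and 192.168.1.1 are taken from the commands earlier in these notes.
# All commands are entered in configuration mode.

# Address-book entry in the destination zone, so the policy can refer to it by name
set security zones security-zone untrust address-book address web-server 192.168.1.1/32

# match: source-address, destination-address and application are all mandatory
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web match destination-address web-server
set security policies from-zone trust to-zone untrust policy allow-web match application junos-https

# permit: the action, plus a log entry when the session closes
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy allow-web then log session-close

# insert: a new policy is appended to the end of the zone pair's list and
# policies are evaluated top-down with the first match winning, so move it
# ahead of the catch-all deny
insert security policies from-zone trust to-zone untrust policy allow-web before policy deny-all

# Review the candidate change, validate it, and commit with automatic rollback
show | compare
commit check
commit confirmed 5
# Run "commit" again within 5 minutes to keep the change; otherwise it rolls back
```

The result can be checked with the show security policies command listed at the top of these notes, using allow-web as the policy name.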

VM download

https://webdownload.juniper.net/swdl/dl/secure/site/1/record/117212.html?pf=vSRX%20EVAL