Junos – show session

show security flow session ?
Possible completions:
  <[Enter]>            Execute this command
  application          Application protocol name
  brief                Show brief output (default)
  destination-port     Destination port (1..65535)
  destination-prefix   Destination IP prefix or address
  extensive            Show detailed output
  family               Show session by family
  idp                  Show idp sessions
  interface            Name of incoming or outgoing interface
  nat                  Show sessions with network address translation
  node                 Show session table on specific node
  protocol             IP protocol number
  resource-manager     Show sessions with resource manager
  session-identifier   Show session with specified session identifier
  source-port          Source port (1..65535)
  source-prefix        Source IP prefix or address
  summary              Show output summary
  tunnel               Show tunnel sessions
  |                    Pipe through a command

SRX – Rollback

root> request system software rollback
** /dev/altroot
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 40981 free (29 frags, 5119 blocks, 0.0% fragmentation)
junos-10.4R4.5-domestic will become active at next reboot

root> request system reboot
Reboot the system ? [yes,no] (no) yes

Shutdown NOW!
[pid 1288]

root>
*** FINAL System shutdown message from root@ ***

System going down IMMEDIATELY
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 0 done

syncing disks... All buffers synced.
Uptime: 6m18s
Rebooting...

Amnesiac (ttyu0)

login: root
Password:

--- JUNOS 10.4R4.5 built 2011-05-06 06:14:23 UTC
root@%

SRX – Upgrade system

root> request system software add no-copy /var/tmp/junos-srxsme-10.4R7.5-domestic.tgz

NOTICE: Validating configuration against junos-srxsme-10.4R7.5-domestic.tgz.
NOTICE: Use the 'no-validate' option to skip this if desired.
Formatting alternate root (/dev/da0s2a)...
/dev/da0s2a: 298.0MB (610284 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 74.50MB, 4768 blks, 9600 inodes.
super-block backups (for fsck -b #) at:
32, 152608, 305184, 457760
Checking compatibility with configuration
Initializing...
Verified manifest signed by PackageProduction_10_4_0
Verified junos-10.4R4.5-domestic signed by PackageProduction_10_4_0
Using junos-10.4R7.5-domestic from /altroot/cf/packages/install-tmp/junos-10.4R7.5-domestic
Copying package ...
Saving boot file package in /var/sw/pkg/junos-boot-srxsme-10.4R7.5.tgz
Verified manifest signed by PackageProduction_10_4_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
cp: /cf/var/validate/chroot/var/etc/resolv.conf and /etc/resolv.conf are identical (not copied).
cp: /cf/var/validate/chroot/var/etc/hosts and /etc/hosts are identical (not copied).
mgd: commit complete
Validation succeeded
Installing package '/altroot/cf/packages/install-tmp/junos-10.4R7.5-domestic' ...
Verified junos-boot-srxsme-10.4R7.5.tgz signed by PackageProduction_10_4_0
Verified junos-srxsme-10.4R7.5-domestic signed by PackageProduction_10_4_0
Saving boot file package in /var/sw/pkg/junos-boot-srxsme-10.4R7.5.tgz
JUNOS 10.4R7.5 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING: Use the 'request system reboot' command
WARNING: when software installation is complete
Saving state for rollback ...

root> request system reboot
Reboot the system ? [yes,no] (no) yes

Shutdown NOW!
[pid 2093]

root>
*** FINAL System shutdown message from root@ ***
System going down IMMEDIATELY
Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...2 2 0 0 0 done

syncing disks... All buffers synced.
Uptime: 36m51s
Rebooting...
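
For scripted upgrades, the lines worth gating on in the transcript above are the "Verified ... signed by" lines, the "Validation succeeded" result and the "will become active at next reboot" message. The check below is an added example, not Junos or page code: it runs on a constructed abridgement of the output shown above, and the signer-name prefix it expects is an assumption taken from those lines.

```python
import re

# Constructed install transcript, abridged from the output shown on this page.
INSTALL_LOG = """\
NOTICE: Validating configuration against junos-srxsme-10.4R7.5-domestic.tgz.
Verified manifest signed by PackageProduction_10_4_0
Verified junos-10.4R4.5-domestic signed by PackageProduction_10_4_0
Validating against /config/juniper.conf.gz
mgd: commit complete
Validation succeeded
Installing package '/altroot/cf/packages/install-tmp/junos-10.4R7.5-domestic' ...
Verified junos-boot-srxsme-10.4R7.5.tgz signed by PackageProduction_10_4_0
Verified junos-srxsme-10.4R7.5-domestic signed by PackageProduction_10_4_0
JUNOS 10.4R7.5 will become active at next reboot
WARNING: A reboot is required to load this software correctly
Saving state for rollback ...
"""

# One "Verified <package> signed by <key>" line as printed by the installer.
VERIFIED = re.compile(r"^Verified (\S+) signed by (\S+)$")

def check_install(log, target, signer_prefix="PackageProduction_"):
    """Return (ok, reasons). ok is True only if the target package was signature-verified
    by an expected key, configuration validation passed, and the new release is staged
    for the next reboot; otherwise reasons lists what is missing."""
    reasons = []
    signed = {m.group(1): m.group(2) for m in map(VERIFIED.match, log.splitlines()) if m}
    if target not in signed:
        reasons.append(f"no signature verification line for {target}")
    elif not signed[target].startswith(signer_prefix):   # assumed key-name convention
        reasons.append(f"{target} signed by unexpected key {signed[target]}")
    if "Validation succeeded" not in log:
        reasons.append("configuration validation did not succeed")
    if "will become active at next reboot" not in log:
        reasons.append("new image not staged for next reboot")
    return not reasons, reasons
```

Only when check_install returns True should the automation proceed to request system reboot.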

SRX – Load new software

root> ftp 192.168.1.2
Connected to 192.168.1.2.
220 3Com 3CDaemon FTP Server Version 2.0
Name (192.168.1.2:root): anonymous
331 User name ok, need password
Password:
230 User logged in
Remote system type is UNIX.
Using binary mode to transfer files.

ftp> lcd /var/tmp
Local directory now /cf/var/tmp

ftp> bin
200 Type set to I.

ftp> get junos-srxsme-10.4R7.5-domestic.tgz
local: junos-srxsme-10.4R7.5-domestic.tgz remote: junos-srxsme-10.4R7.5-domestic.tgz
200 PORT command successful.
150 File status OK ; about to open data connection
100% |**************************************************| 210 MB 00:00 ETA
226 Closing data connection; File transfer successful.
221075489 bytes received in 264.06 seconds (817.59 KB/s)

ftp> bye
221 Service closing control connection

root> request system software delete-backup
Delete backup system software package [yes,no] (no) yes

SRX – Back to factory default

root@host# load factory-default
root@host# set system root-authentication plain-text-password
New password:
Retype new password:
root@host# commit and-quit

After the commit, the factory default configuration is the running configuration.

Caution: Before you commit, assign an IP address to the ge-0/0/0 interface, create a local user account, and enter routing information (either in the CLI configuration or via DHCP); if you do not, the SRX device is no longer remotely accessible after the commit. To manage the SRX device in that case, connect a PC or laptop to the physical console, or attach it to a subnet directly connected to the ge-0/0/0 interface, which is assigned the address 192.168.2.1.

Multiple vpn tunnels in Junos on SRX platform

interfaces {
    fe-0/0/3 {
        description untrustinterface;
        unit 0 {
            family inet {
                address 1.1.1.1/24;
            }
        }
    }
    st0 {
        description TunnelInterface;
        unit 10 {
            description TunnelVPN10;
            family inet {
                address 10.1.254.1/30;
            }
        }
        unit 11 {
            description TunnelVPN11;
            family inet {
                address 10.1.254.5/30;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 1.1.1.254;
        route 10.1.10.0/24 next-hop 10.1.254.2;
        route 10.1.11.0/24 next-hop 10.1.254.6;
    }
}
security {
    ike {
        proposal IkeProposal1 {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm md5;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 86400;
        }
        policy IkePolicyVPN10 {
            mode main;
            proposals IkeProposal1;
            pre-shared-key ascii-text "vbnFGJrtuy"; ## SECRET-DATA
        }
        policy IkePolicyVPN11 {
            mode main;
            proposals IkeProposal1;
            pre-shared-key ascii-text "gjhgJHGDFGHdfj"; ## SECRET-DATA
        }
        gateway IkeGatewayVPN10 {
            ike-policy IkePolicyVPN10;
            address 2.2.2.2;
            dead-peer-detection;
            external-interface fe-0/0/3.0;
        }
        gateway IkeGatewayVPN11 {
            ike-policy IkePolicyVPN11;
            address 3.3.3.3;
            dead-peer-detection;
            external-interface fe-0/0/3.0;
        }
    }
    ipsec {
        proposal IpsecProposal1 {
            protocol esp;
            authentication-algorithm hmac-md5-96;
            encryption-algorithm 3des-cbc;
        }
        policy VpnPolicy1 {
            perfect-forward-secrecy {
                keys group2;
            }
        }
        vpn VPN10 {
            bind-interface st0.10;
            ike {
                gateway IkeGatewayVPN10;
                ipsec-policy VpnPolicy1;
            }
        }
        vpn VPN11 {
            bind-interface st0.11;
            ike {
                gateway IkeGatewayVPN11;
                ipsec-policy VpnPolicy1;
            }
        }
    }
    zones {
        security-zone untrust {
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    ike;
                    ssh;
                    ping;
                }
            }
            interfaces {
                fe-0/0/3.0;
            }
        }
        security-zone VPN {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                st0.10;
                st0.11;
            }
        }
    }
    policies {
        /* security policies between the trust and VPN zones are omitted from this snippet */
    }
    flow {
        tcp-mss {
            ipsec-vpn {
                mss 1350;
            }
        }
    }
}
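
The proposals above negotiate MD5, 3DES and DH group 2, which are no longer considered adequate for IKE or IPsec. As an added example (not code from the page or from Juniper), this small Python linter parses Junos curly-brace configuration text and reports such parameters wherever they appear; the sample input is a constructed excerpt of the stanzas above, and the list of weak values is the example's own judgement.

```python
# Constructed excerpt of this page's IKE/IPsec stanzas, used as sample input.
SAMPLE_CONFIG = """ike {
    proposal IkeProposal1 {
        dh-group group2;
        authentication-algorithm md5;
        encryption-algorithm 3des-cbc;
    }
}
ipsec {
    proposal IpsecProposal1 {
        authentication-algorithm hmac-md5-96;
        encryption-algorithm 3des-cbc;
    }
    policy VpnPolicy1 {
        perfect-forward-secrecy {
            keys group2;
        }
    }
}"""

WEAK = {  # values Junos accepts but that no longer give adequate strength (example's own list)
    "dh-group": {"group1", "group2", "group5"},
    "keys": {"group1", "group2", "group5"},  # perfect-forward-secrecy keys
    "authentication-algorithm": {"md5", "sha1", "hmac-md5-96", "hmac-sha1-96"},
    "encryption-algorithm": {"des-cbc", "3des-cbc"},
}

def parse(text):
    """Parse Junos curly-brace text into nested dicts; leaves map statement -> value."""
    stack = [{}]  # stack[0] is the root container
    for raw in text.splitlines():
        line = raw.split("##")[0].strip()  # drop "## SECRET-DATA" style annotations
        if line.endswith("{"):  # container such as "proposal IkeProposal1 {"
            stack[-1][line[:-1].strip()] = child = {}
            stack.append(child)
        elif line == "}":
            stack.pop()
        elif line:  # leaf statement such as "dh-group group2;"
            name, _, value = line.rstrip(";").partition(" ")
            stack[-1][name] = value
    return stack[0]

def find_weak(tree, path=""):
    """Yield 'path value' for every leaf whose value is on the weak list."""
    for key, value in tree.items():
        here = f"{path}/{key}" if path else key
        if isinstance(value, dict):
            yield from find_weak(value, here)
        elif value in WEAK.get(key, ()):
            yield f"{here} {value}"
```

Run list(find_weak(parse(SAMPLE_CONFIG))) against the sample to get the six findings; feed it the output of show configuration security to lint a live device.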