Popular
Latest Articles
- Checkpoint Web Visualization only provides part of the policy
- Running a packet capture on a SourceFire Sensor
- File download fails through Netscreen when using IE6 with Passive FTP
- I am unable to clear the VPN SA`s using the vpn tu command
- encryption failure: According to the policy the packet should not have been decrypted
Juniper Netscreen Commands
Firewalls - Juniper - Netscreen
The following commands were obtained from a NS5GT running ScreenOS 6.2. Commands on other software/hardware platforms may vary.
Interface
| get counter statistics | Show interface statistics (CRC errors etc) |
| get interface trust port phy | Show physical ports for a certain zone |
| get driver phy | Show all link states of interfaces |
| get counter statistics interface ethernet3 | Show hardware stats on interface |
| set interface [interface] no-subnet-conflict-check | Allows you to configure multiple interfaces in the same IP broadcast domain. |
Current Settings / Values
| get envar | get environment variable |
| get config | get device configuration |
| get system | get system information |
| get arp | get arp cache |
| get route | get routing table |
| get system | i Box | get port-mode |
| get alg h323 counters | get the ALG counters |
| get alg | get status of ALGs (disabled or enabled) |
| get sys-cfg | get default settings for the device |
| get sys scale | get basic system limits |
| get debug | get currently enabled debug level |
| get tcp | get system socket information |
NAT
| get mip | get mip (nat) |
| get vip | get vip (nat) |
| get nat cookie | get show nat cookies |
Statistics / Performance
| get perf cpu detail | get cpu performance |
| get session info | get load on firewall |
| get counter flow | Show flow stats (fragmentation etc) |
| get counter screen | Show screen stats (SYN Floods etc) |
VPN
| clear ike-cookie [gateway ip] | clear ike cookies |
| clear sa [id] | clear sa |
| get vpn | show vpns |
NSRP
| get nsrp cluster | Show cluster info |
| get nsrp monitor | Show list of monitored interfaces |
| get nsrp vsd id 0 | Show VSD id 0 |
| get counters ha | Show HA interface hardware counters |
| exec nsrp sync global-config check-sum | Allows you to see if the cluster configs are syncronised |
| exec nsrp sync global save | Sync's the nodes.A reboot is required to complete the update. |
| exec nsrp vsd-group 0 mode | Fails over the cluster. Run this command on the Master node. |
IGMP
| set interface ethernet0/1 igmp router | enable IGMP on interface eth0/1 |
| get vrouter trust-vr protocol pim | get the multicast sources visible to your ScreenOS device |
Misc
| set exec port-mode | set the port mode |
| set flow tcp-mss 1460 | sets the MSS |
We have 16 guests online