Cisco ASA to Juniper ScreenOS to Juniper JunOS Command Reference Cheat Sheet
Here is a basic reference sheet for looking up equivalent commands between a Cisco ASA and a Juniper ScreenOS (or Netscreen) SSG and a Juniper JunOS SRX firewall.
| Cisco ASA | Juniper ScreenOS (SSG) | Juniper JunOS (SRX) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| enable config t |
start cli configure |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| show log | get event | show log messages show log messages | last 20 (see the 20 most recent logs) |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| show ip | get interface | show interface terse | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| show failover | get nsrp | show log jsrp show chassis cluster [status|statistics|interfaces] |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| no failover active | exec nsrp vsd [vsd] mode backup | request chassis cluster failover redundancy-group [group] node | show route |
get route |
show route |
show connections |
get session |
show security flow session |
show clock |
get clock |
show system uptime |
show version (to get uptime) |
get system |
show system uptime |
show running-config |
get config |
show config |
show version (to get serial number) |
get chassis |
show chassis hardware detail |
show access-list |
get policy |
show security policies |
show crypto isakmp sa |
get ike cookie |
show security ike security-associations |
show crypto ipsec sa |
get sa |
show security ipsec security-associations |
clear crypto isakmp sa |
clear ike cookie |
clear security ike security-associations |
clear crypto ipsec sa |
clear sa |
clear security ipsec security-associations |
show cpu |
get perf cpu |
show chassis routing-engine |
show proc cpu-usage |
| show system processes extensive |
show int (for i/o of bytes) |
get counter statistics |
sh int |
show tech |
get tech |
request support information |
ssh x.x.x.0 y.y.y.0 inside |
set admin manager-ip x.x.x.0 y.y.y.0 |
set ssh enable set security zones security-zone TRUST host-inbound-traffic system-services ssh |
show run [cry isakmp|tunnel-group]? |
get ike gateway |
show config security ike |
show config security ipsec interface Ethernet1 |
shutdown set interface ethernet0/0 phy link-down |
set interfaces ge-0/0/3 disable |
interface Ethernet1 |
no shutdown unset interface ethernet0/0 phy link-down |
delete interfaces ge-0/0/3 disable |
route outside 1.1.1.0 255.255.255.0 1.1.1.2 |
set route 1.1.1.0/24 interface bgroup3/0 gateway 1.1.1.2 |
set routing-options static route 10.10.10.128/25 next-hop 172.16.100.1 |
logging host INSIDE 1.1.1.1 |
logging trap notification set syslog config 1.1.1.1 facilities local5 |
set syslog src-interface ethernet1/0 set syslog enable set system syslog source-address 10.14.4.4 |
set system syslog host 1.1.1.1 any notice ntp server 1.1.1.1 source OUTSIDE |
set ntp server 1.1.1.1 |
set ntp server src-interface ethernet3/0 set clock ntp exec ntp update set system ntp server 1.1.1.1 prefer |
capture CAP1 match ip host 1.1.1.1 host 2.2.2.2 |
clear db |
set console dbuf set ffilter src-ip 1.1.1.1 dst-ip 2.2.2.2 debug flow basic --- OR --- snoop filter ip src-ip 1.1.1.1 dst-ip 2.2.2.2 direction both clear dbuf snoop edit security flow traceoptions |
set file TSHOOT set flag basic-datapath set packet-filter IN-TO-OUT source-prefix 10.1.1.100/32 destination-prefix 10.2.0.3/32 show capture CAP1 |
get dbuf stream |
show log TSHOOT |
clear capture CAP1 |
undebug all |
unset ffilter --- OR --- snoop filter delete deactivate security flow traceoptions |
delete security flow traceoptions |