Cisco ASA to Juniper ScreenOS to Juniper JunOS Command Reference Cheat Sheet

| Comments

Here is a basic reference sheet for looking up equivalent commands between a Cisco ASA and a Juniper ScreenOS (or Netscreen) SSG and a Juniper JunOS SRX firewall.

Cisco ASA Juniper ScreenOS (SSG) Juniper JunOS (SRX)
show log get event show log messages
show log messages | last 20 (see the 20 most recent logs)
show ip get interface show interface terse
show failover get nsrp show log jsrp
show chassis cluster [status|statistics|interfaces]
no failover active exec nsrp vsd [vsd] mode backup request chassis cluster failover redundancy-group [group] node
show route get route show route
show connections get session show security flow session
show clock get clock show system uptime
show version (to get uptime) get system show system uptime
show running-config get config show config
show version (to get serial number) get chassis show chassis hardware detail
show access-list get policy show security policies
show crypto isakmp sa get ike cookie show security ike security-associations
show crypto ipsec sa get sa show security ipsec security-associations
clear crypto isakmp sa clear ike cookie clear security ike security-associations
clear crypto ipsec sa clear sa clear security ipsec security-associations
show cpu get perf cpu show chassis routing-engine
show proc cpu-usage show system processes extensive
show int (for i/o of bytes)  get counter statistics sh int
ssh x.x.x.0 y.y.y.0 inside set admin manager-ip x.x.x.0 y.y.y.0
set ssh enable
set security zones security-zone TRUST host-inbound-traffic system-services ssh
show run [cry isakmp|tunnel-group]? get ike gateway show config security ike
show config security ipsec
interface Ethernet1
shutdown
set interface ethernet0/0 phy link-down set interfaces ge-0/0/3 disable
interface Ethernet1
no shutdown
unset interface ethernet0/0 phy link-down delete interfaces ge-0/0/3 disable
route outside 1.1.1.0 255.255.255.0 1.1.1.2 set route 1.1.1.0/24 interface bgroup3/0 gateway 1.1.1.2 set routing-options static route 10.10.10.128/25 next-hop 172.16.100.1
logging host INSIDE 1.1.1.1
logging trap notification
set syslog config 1.1.1.1 facilities local5
set syslog src-interface ethernet1/0
set syslog enable
set system syslog source-address 10.14.4.4
set system syslog host 1.1.1.1 any notice
ntp server 1.1.1.1 source OUTSIDE set ntp server 1.1.1.1
set ntp server src-interface ethernet3/0
set clock ntp
exec ntp update
set system ntp server 1.1.1.1 prefer
capture CAP1 match ip host 1.1.1.1 host 2.2.2.2 clear db
set console dbuf
set ffilter src-ip 1.1.1.1 dst-ip 2.2.2.2
debug flow basic

— OR —

snoop filter ip src-ip 1.1.1.1 dst-ip 2.2.2.2 direction both
clear dbuf
snoop
edit security flow traceoptions
set file TSHOOT
set flag basic-datapath
set packet-filter IN-TO-OUT source-prefix 10.1.1.100/32 destination-prefix 10.2.0.3/32
show capture CAP1 get dbuf stream show log TSHOOT
clear capture CAP1 undebug all
unset ffilter

— OR —

snoop filter delete
deactivate security flow traceoptions
delete security flow traceoptions

Additional reading material regarding Juniper SSG and ScreenOS commands: http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/index.html

Comments