Here is a basic reference sheet for looking up equivalent commands across a Cisco ASA, a Juniper ScreenOS (or Netscreen) SSG, and a Juniper JunOS SRX firewall.

Cisco ASA | Juniper ScreenOS (SSG) | Juniper JunOS (SRX) |
---|---|---|
enable<br>config t | start cli<br>configure | |
show log | get event | show log messages<br>show log messages \| last 20 (see the 20 most recent logs) |
show ip | get interface | show interface terse |
show failover | get nsrp | show log jsrp<br>show chassis cluster [status\|statistics\|interfaces] |
no failover active | exec nsrp vsd [vsd] mode backup | request chassis cluster failover redundancy-group [group] node |
show route | get route | show route |
show connections | get session | show security flow session |
show clock | get clock | show system uptime |
show version (to get uptime) | get system | show system uptime |
show running-config | get config | show config |
show version (to get serial number) | get chassis | show chassis hardware detail |
show access-list | get policy | show security policies |
show crypto isakmp sa | get ike cookie | show security ike security-associations |
show crypto ipsec sa | get sa | show security ipsec security-associations |
clear crypto isakmp sa | clear ike cookie | clear security ike security-associations |
clear crypto ipsec sa | clear sa | clear security ipsec security-associations |
show cpu | get perf cpu | show chassis routing-engine |
show proc cpu-usage | show system processes extensive | |
show int (for i/o of bytes) | get counter statistics | sh int |
show tech | get tech | request support information |
ssh x.x.x.0 y.y.y.0 inside | set admin manager-ip x.x.x.0 y.y.y.0<br>set ssh enable | set security zones security-zone TRUST host-inbound-traffic system-services ssh |
show run [cry isakmp\|tunnel-group]? | get ike gateway | show config security ike<br>show config security ipsec |
interface Ethernet1<br>shutdown | set interface ethernet0/0 phy link-down | set interfaces ge-0/0/3 disable |
interface Ethernet1<br>no shutdown | unset interface ethernet0/0 phy link-down | delete interfaces ge-0/0/3 disable |
route outside 1.1.1.0 255.255.255.0 1.1.1.2 | set route 1.1.1.0/24 interface bgroup3/0 gateway 1.1.1.2 | set routing-options static route 10.10.10.128/25 next-hop 172.16.100.1 |
logging host INSIDE 1.1.1.1<br>logging trap notification | set syslog config 1.1.1.1 facilities local5<br>set syslog src-interface ethernet1/0<br>set syslog enable | set system syslog source-address 10.14.4.4<br>set system syslog host 1.1.1.1 any notice |
ntp server 1.1.1.1 source OUTSIDE | set ntp server 1.1.1.1<br>set ntp server src-interface ethernet3/0<br>set clock ntp<br>exec ntp update | set system ntp server 1.1.1.1 prefer |
capture CAP1 match ip host 1.1.1.1 host 2.2.2.2 | clear db<br>set console dbuf<br>set ffilter src-ip 1.1.1.1 dst-ip 2.2.2.2<br>debug flow basic<br>— OR —<br>snoop filter ip src-ip 1.1.1.1 dst-ip 2.2.2.2 direction both<br>clear dbuf<br>snoop | edit security flow traceoptions<br>set file TSHOOT<br>set flag basic-datapath<br>set packet-filter IN-TO-OUT source-prefix 10.1.1.100/32 destination-prefix 10.2.0.3/32 |
show capture CAP1 | get dbuf stream | show log TSHOOT |
clear capture CAP1 | undebug all<br>unset ffilter<br>— OR —<br>snoop filter delete | deactivate security flow traceoptions<br>delete security flow traceoptions |

Additional reading material regarding Juniper SSG and ScreenOS commands: http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/index.html