Cisco ASA to Juniper ScreenOS to Juniper JunOS Command Reference Cheat Sheet

| Comments

Here is a basic reference sheet for looking up equivalent commands between a Cisco ASA and a Juniper ScreenOS (or Netscreen) SSG and a Juniper JunOS SRX firewall.

Cisco ASA Juniper ScreenOS (SSG) Juniper JunOS (SRX)
config t
start cli
show log get event show log messages
show log messages | last 20 (see the 20 most recent logs)
show ip get interface show interface terse
show failover get nsrp show log jsrp
show chassis cluster [status|statistics|interfaces]
no failover active exec nsrp vsd [vsd] mode backup request chassis cluster failover redundancy-group [group] node
show route get route show route
show connections get session show security flow session
show clock get clock show system uptime
show version (to get uptime) get system show system uptime
show running-config get config show config
show version (to get serial number) get chassis show chassis hardware detail
show access-list get policy show security policies
show crypto isakmp sa get ike cookie show security ike security-associations
show crypto ipsec sa get sa show security ipsec security-associations
clear crypto isakmp sa clear ike cookie clear security ike security-associations
clear crypto ipsec sa clear sa clear security ipsec security-associations
show cpu get perf cpu show chassis routing-engine
show proc cpu-usage show system processes extensive
show int (for i/o of bytes)  get counter statistics sh int
show tech  get tech request support information
ssh x.x.x.0 y.y.y.0 inside set admin manager-ip x.x.x.0 y.y.y.0
set ssh enable
set security zones security-zone TRUST host-inbound-traffic system-services ssh
show run [cry isakmp|tunnel-group]? get ike gateway show config security ike
show config security ipsec
interface Ethernet1
set interface ethernet0/0 phy link-down set interfaces ge-0/0/3 disable
interface Ethernet1
no shutdown
unset interface ethernet0/0 phy link-down delete interfaces ge-0/0/3 disable
route outside set route interface bgroup3/0 gateway set routing-options static route next-hop
logging host INSIDE
logging trap notification
set syslog config facilities local5
set syslog src-interface ethernet1/0
set syslog enable
set system syslog source-address
set system syslog host any notice
ntp server source OUTSIDE set ntp server
set ntp server src-interface ethernet3/0
set clock ntp
exec ntp update
set system ntp server prefer
capture CAP1 match ip host host clear db
set console dbuf
set ffilter src-ip dst-ip
debug flow basic

— OR —

snoop filter ip src-ip dst-ip direction both
clear dbuf
edit security flow traceoptions
set file TSHOOT
set flag basic-datapath
set packet-filter IN-TO-OUT source-prefix destination-prefix
show capture CAP1 get dbuf stream show log TSHOOT
clear capture CAP1 undebug all
unset ffilter

— OR —

snoop filter delete
deactivate security flow traceoptions
delete security flow traceoptions

Additional reading material regarding Juniper SSG and ScreenOS commands: