Juniper SRX: useful commands

Will update this post as I find useful commands.

Reset dynamic VPN due to connectivity issues: restart ipsec-key-management

Show logged on users: show system users
Logout connected user: request system logout user username terminal session

Show open sessions: show security flow session
View running Junos applications: show configuration groups junos-defaults applications
Show current sessions: show security flow session

Show system snapshot: show system snapshot media internal
Show system software backup: show system software backup

Delete autorecovery config: request system autorecovery state clear
Save autorecovery config: request system autorecovery state save

Delete rescue config: request system configuration rescue delete
Save rescue config: request system configuration rescue save
Load rescue config: rollback rescue, then commit

Upgrade bootloader: go to shell by typing "start shell" in cli, then run:
bootupgrade -u /boot/uboot -l /boot/loader

View BIOS version: show chassis routing-engine bios
View BIOS version and available upgrade: show system firmware
View current and upgrade BIOS with backup: request system firmware upgrade re bios backup
Check status of BIOS upgrade: show system firmware

View contents of a directory: file list directory
Show system directory usage: show system directory-usage /cf
Check disk space: show system storage detail
Delete a file: file delete /var/tmp/xyz

Cleanup storage space: request system storage cleanup
Delete upgrade package backup: request system software delete-backup

Show device name, model and software version: show version

Upgrade software through ssh: put a copy of the Junos software on an FTP location your device can access immediately upon connecting (do not put it somewhere you have to browse to after connecting). Do this right after you log on to the device, not in cli.

Login to ftp: ftp ip
Change directory to /var/tmp: lcd /var/tmp
Type bin and hit enter
Command to download the file to device: get junos-srxsme-12.1X46-D40.2-domestic.tgz
Type bye to exit ftp mode when file is downloaded successfully and go to cli.
Invoke the following command to install: request system software add no-copy /var/tmp/junos-srxsme-12.1X46-D40.2-domestic.tgz
Install may take a hot minute so be patient. Once this is complete reboot your device: request system reboot

Juniper Junos: change timeout settings for ssh/telnet/web console

To change application timeout:
ssh: set applications application junos-ssh inactivity-timeout 1440
telnet: set applications application junos-telnet inactivity-timeout 1440
web: set system services web-management session idle-timeout 1440

Note: auto complete does not work after application, so you will have to type it all in.

To view timeout settings, exit to cli
start shell user root
vty fwdd
show usp app-def tcp

And you’re done.
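An added example (not part of the original post): a small Python check that reads set-format configuration lines like the three above and normalises each timeout to seconds before comparing it to a limit. It assumes the units given in the Junos documentation, seconds for application inactivity-timeout and minutes for web-management idle-timeout; the 1800-second limit, the function name and the custom-mgmt line are hypothetical.

```python
import re

# Assumed units (Junos documentation, not stated on this page):
# application inactivity-timeout = seconds, web-management idle-timeout = minutes.
PATTERNS = [
    (re.compile(r"^set applications application (\S+) inactivity-timeout (\S+)$"), 1),
    (re.compile(r"^set system services (web-management) session idle-timeout (\S+)$"), 60),
]

MAX_IDLE_SECONDS = 1800  # hypothetical policy limit; replace with your own standard


def audit_timeouts(config_text, max_idle=MAX_IDLE_SECONDS):
    """Return [(target, seconds_or_None, verdict)] for each timeout statement.

    seconds is None when the value is 'never' or cannot be parsed.
    """
    findings = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        for pattern, multiplier in PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            target, value = m.groups()
            if value == "never":
                findings.append((target, None, "FAIL: never expires"))
            elif value.isdigit():
                seconds = int(value) * multiplier
                verdict = "ok" if seconds <= max_idle else "FAIL: exceeds limit"
                findings.append((target, seconds, verdict))
            else:
                findings.append((target, None, "FAIL: unparseable value"))
    return findings


# Constructed sample: the three statements from this page plus a 'never' case.
SAMPLE = """\
set applications application junos-ssh inactivity-timeout 1440
set applications application junos-telnet inactivity-timeout 1440
set system services web-management session idle-timeout 1440
set applications application custom-mgmt inactivity-timeout never
"""

if __name__ == "__main__":
    for target, seconds, verdict in audit_timeouts(SAMPLE):
        print(f"{target:16} {seconds!s:>8} {verdict}")
```

Under those unit assumptions the same value 1440 is 24 minutes for the two applications but 24 hours for the web console, which is why only the web-management line exceeds the limit.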

Juniper SRX: configure PoE on all ports

Quick and dirty way is to go to cli/configure and copy/paste the following:
set poe interface all priority low maximum-power 15.4 telemetries
set poe management static guard-band 15
This will turn on all ports at power rates indicated above.
To check your PoE ports try the following in cli:
show poe interface
Result will look like:
root@ALiSRX210HE-PoE> show poe interface
Interface  Admin status  Oper status  Max power  Priority  Power consumption  Class
ge-0/0/0   Enabled       Searching    15.4W      Low       0.0W               0
ge-0/0/1   Enabled       Searching    15.4W      Low       0.0W               0
fe-0/0/2   Enabled       Powered-up   15.4W      Low       4.5W               0
fe-0/0/3   Enabled       Searching    15.4W      Low       0.0W               0

You can see status and power variables update frequently.

Misc: Comcast xfinity Technicolor TC8305C modem – bridge mode and disable firewall completely

Well… first off you can’t do either so stop right here.

To have your modem put in bridge mode you will have to call Comcast customer support. They will do it remotely for ya no questions asked. Once it is provisioned then you can logon to the modem and enable bridge mode.

Your modem can also assign an IP to your router in router mode. To put the modem in semi-bridge mode go to Gateway, Firewall and select Custom Security. Click on the link and select “Disable entire firewall”. Now, go to Gateway and click on VIEW CONNECTED DEVICES. Note the IP address of your router and then go to Advanced, DMZ, enable DMZ and put your router’s IP there.

Windows: Cannot team Broadcom NetXtreme adapters. Please select an adapter with NDIS 6 driver error.

This is most likely caused by a software firewall, such as Symantec EndPoint Protection or Vipre Enterprise. Disabling them usually won’t help either. You will have to uninstall the firewall and then attempt to team your adapters. If that doesn’t work, uninstall both the firewall and BASP, install BASP, team the adapters and then reinstall your firewall.