Shulou(Shulou.com)06/01 Report--

Remote basic configuration

Root@SRX1# show | display set

Set version 12.1X44.4

Set system host-name SRX1

Set system time-zone Asia/Shanghai

Set system root-authentication encrypted-password "$1 $0m2EDDUB$hW0MnI7hQFLfmFmROx02B1"

Set system name-server 114.114.114.114

Set system services ssh

Set system services web-management http

Set system ntp server 62.201.225.9

Set interfaces ge-0/0/0 unit 0 family inet address 192.168.130.212/24

Set interfaces ge-0/0/1 unit 0 family inet address 1.1.1.254/24

Set routing-options static route 0.0.0.0/0 next-hop 192.168.130.2

Set security nat source rule-set NAT-Policy from zone trust

Set security nat source rule-set NAT-Policy to zone untrust

Set security nat source rule-set NAT-Policy rule Trust-Untrust-Interface-NAT match source-address 1.1.1.0/24

Set security nat source rule-set NAT-Policy rule Trust-Untrust-Interface-NAT then source-nat interface

Set security policies from-zone trust to-zone untrust policy Permit-ALL match source-address any

Set security policies from-zone trust to-zone untrust policy Permit-ALL match destination-address any

Set security policies from-zone trust to-zone untrust policy Permit-ALL match application any

Set security policies from-zone trust to-zone untrust policy Permit-ALL then permit

Set security zones security-zone untrust host-inbound-traffic system-services ping

Set security zones security-zone untrust host-inbound-traffic system-services ssh

Set security zones security-zone untrust host-inbound-traffic system-services http

Set security zones security-zone untrust interfaces ge-0/0/0.0

Set security zones security-zone trust host-inbound-traffic system-services ping

Set security zones security-zone trust host-inbound-traffic system-services ssh

Set security zones security-zone trust host-inbound-traffic system-services http

Set security zones security-zone trust interfaces ge-0/0/1.0

Set security nat static rule-set static-nat from zone untrust

Set security nat static rule-set static-nat rule rule1 match destination-address 192.168.130.199/32

Set security nat static rule-set static-nat rule rule1 then static-nat prefix 1.1.1.1/32

Set security nat proxy-arp interface ge-0/0/0.0 address 192.168.130.199/32

Set security zones security-zone trust address-book address test 1.1.1.1/32

Set security zones security-zone trust address-book address-set 1.1.1.1 address test

Set applications application 3389 protocol tcp

Set applications application 3389 destination-port 3389

Set applications application-set 3389-3389 application 3389

Set security policies from-zone untrust to-zone trust policy 1 match source-address any

Set security policies from-zone untrust to-zone trust policy 1 match destination-address test

Set security policies from-zone untrust to-zone trust policy 1 match application 3389-3389

Set security policies from-zone untrust to-zone trust policy 1 then permit

=

Root@SRX2 > show interfaces terse | match g to view the API configuration

Root@SRX2# show | display set to view the configuration of Set format

Root@SRX2# show | compare looks at the difference between the submitted configuration and the current running configuration

Root@SRX2 > clear system commit clears uncommitted configurations

Root@SRX2 > show system uptime View system clock

Root@SRX2# commit at "2016-09-30 13:48:00" saves the configuration at the specified time

Root@SRX2# commit comment "Only test" describes the submitted configuration

Root@SRX2 > show system commit to view the submitted configuration instructions (including the submitted configuration instructions)

Root@SRX2# rollback? View recoverable configuration

Root@SRX2# rollback 9 restores a certain configuration, which requires commit configuration to take effect.

Root@SRX2# commit confirmed confirms that the configuration command is submitted (the configuration is not confirmed within ten minutes, and the configuration is automatically restored to before submission)

Root@SRX2# commit and-quit confirms and exits

Root@SRX2# set system host-name My-SRX set hostname

Root@SRX2# set system name-server 114.114.114.114 set DNS

Root@SRX2 > show system uptime View time

Root@SRX2# set system time-zone Asia/Shanghai sets the time zone

Root@SRX2 > set date 200808080808.08 manually set time

Root@SRX2# set system ntp server 3.asia.pool.ntp.org sets NTP

Root@SRX2 > show ntp associations View NTP

Root@SRX2 > show ntp status View NTP

Root@SRX2 > request system reboot restart the system

Root@SRX2 > request system power-off shut down the system

Root@SRX2# set system root-authentication plain-text-password modifies root password

Root@SRX2# set system login user zqb class super-user authentication plain-text-password sets the remote login password

Recover root password

Loading / boot/defaults/loader.conf

/ kernel text=0x894aa0 data=0x4d050+0x100b2c syms= [0x4+0x92cf0+0x4+0xd1487]

/ boot/modules/libmbpool.ko text=0xd9c data=0x100

/ boot/modules/if_em_vjx.ko text=0xb794 data=0x5ec+0x204 /

Hit [Enter] to boot immediately, or space bar for command prompt.

=

Press the Spacebar at this time

OK boot-s

=

Enter single-user mode

System watchdog timer disabled

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for / bin/sh: recovery

=

Enter password recovery mode

Starting CLI...

Root@SRX2 >

Root@SRX2# set system services ssh root-login deny forbids root login of ssh

Root@SRX2# set system services ssh enables SSH

Root@SRX2# set system services web-management http starts web management

Root@SRX2 > show version View version

Root@SRX2 > show system license to view authorization information

Root@SRX2 > request system license add terminal load authorization information (enter + Ctrl+D ends)

Root@SRX2 > show cli history View History command

Root@SRX2 > show system processes extensive to view system utilization

Root@SRX2 > restart chassis-control gracefully restart the system process

Set security zones security-zone trust address-book address 1.1.1.1 1.1.1.1/32

Set security zones security-zone trust address-book address 1.1.1.2 1.1.1.2/32

Set security zones security-zone trust address-book address-set Inside address 1.1.1.1

Set security zones security-zone trust address-book address-set Inside address 1.1.1.2

Set applications application 3389 protocol tcp

Set applications application 3389 destination-port 3389

Set applications application-set 3389-3389 application 3389

Set schedulers scheduler test-scheduler daily start-time 09:00 stop-time 18:00

Set schedulers scheduler test-scheduler sunday exclude

Set schedulers scheduler test-scheduler saturday exclude

Set schedulers scheduler one-time start-date 2016-10-18.09 00 stop-date 2016-10-18.1815

Set security policies from-zone trust to-zone untrust policy Permit-ALL scheduler-name test-scheduler

Set security nat static rule-set static-nat from zone untrust

Set security nat static rule-set static-nat rule rule1 match destination-address 192.168.130.199/32

Set security nat static rule-set static-nat rule rule1 then static-nat prefix 1.1.1.1/32

Set security nat proxy-arp interface ge-0/0/0.0 address 192.168.130.199/32

Set security zones security-zone trust address-book address test 1.1.1.1/32

Set security zones security-zone trust address-book address-set 1.1.1.1 address test

Set applications application 3389 protocol tcp

Set applications application 3389 destination-port 3389

Set applications application-set 3389-3389 application 3389

Set security policies from-zone untrust to-zone trust policy 1 match source-address any

Set security policies from-zone untrust to-zone trust policy 1 match destination-address test

Set security policies from-zone untrust to-zone trust policy 1 match application 3389-3389

Set security policies from-zone untrust to-zone trust policy 1 then permit

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.