I'm keeping the commands below for my own use; I picked them all up from watching yeslab's current 明教教主...


Restore the system default configuration

load factory-default


Upgrade the OS

request system software add validate reboot ftp://1.1.1.1/jinstall-10.0r4.7-export-signed


Reboot the system

run request system reboot


View interface status

run show interfaces terse


Enter the shell

run start shell


Use the pipe to match a specific keyword

>show interfaces detail | match fe-0/0/0


Help information

>help reference security policy-security


Search for commands

>help apropos security

#help apropos security


Traditional set configuration

set interfaces fe-0/0/0.1 family inet address 1.1.1.1/24

show interfaces fe-0/0/0.1 family inet

address 1.1.1.1/24


Configuration with edit:

edit interfaces fe-0/0/0.1 family inet

set address 1.1.1.2/24


Moving between hierarchy levels

edit interfaces fe-0/0/0

up


View the configuration in set format

show | display set


View the differences between the configuration awaiting commit and the current configuration

show | compare


View the configurations available for rollback

rollback ?


Clear configuration that has not been committed

clear system commit


Configure an IP address on interface fe-0/0/0.0

edit interfaces fe-0/0/0.0

set family inet address 202.100.1.10/24


Put interface fe-0/0/0.0 into the outside zone

edit security zones security-zone outside

set interfaces fe-0/0/0.0

commit

run ping 202.100.1.10


Put interface fe-0/0/1.0 into vlan3

edit interfaces fe-0/0/1.0

set family ethernet-switching vlan members 3


Configure an interface address on vlan.3, the SVI interface of vlan3

edit interfaces vlan.3

set family inet address 202.100.2.10/24


Put vlan.3 into the outside zone

edit security zones security-zone outside

set interfaces vlan.3


View utilization statistics

show system processes extensive


Restart a system process

restart chassis-control gracefully



Change the password

set system root-authentication plain-text-password


Configure a static route

edit routing-options static

set route 202.100.100.0/24 next-hop 202.100.1.1


View the routing table

show route


Configure a default route

edit routing-options static

set route 0/0 next-hop 202.100.1.1


Configure a security policy permitting all traffic from inside1 to outside

edit security policies from-zone inside1 to-zone outside

edit policy permit-all

set match source-address any

set match destination-address any

set match application any

set then permit

exit

commit


Configure the address-book for the outside zone

edit security zones security-zone outside

set address-book address sp1-router 202.100.1.1/32

set address-book address sp2-router 202.100.2.1/32


Reference the address-book in the security policy

edit security policies from-zone inside1 to-zone outside

delete policy permit-all

edit policy permit-all-use-address-book

set match source-address inside1-network

set match destination-address sp-routers

set match application any

set then permit


applications configuration

edit applications application tcp-3032

set protocol tcp destination-port 3032


Configure an applications application-set

edit applications application-set yeslab-app-set

set application tcp-3032


Reference the application in the security policy

edit security policies from-zone inside1 to-zone outside

delete policy permit-all-use-address-book

edit policy permit-inside1-to-outside

set match source-address inside1-network

set match destination-address sp-routers

set match application yeslab-app-set

set then permit
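
Added example (not part of the original notes): a Python check over `show | display set` output that flags permit policies still matching `any`, such as permit-all above, and passes the tightened permit-inside1-to-outside. The sample lines are constructed from the policies in these notes, not captured from a device; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the two policies from these notes as they would appear
# in `show | display set` output (not captured from a real device).
SAMPLE = """\
set security policies from-zone inside1 to-zone outside policy permit-all match source-address any
set security policies from-zone inside1 to-zone outside policy permit-all match destination-address any
set security policies from-zone inside1 to-zone outside policy permit-all match application any
set security policies from-zone inside1 to-zone outside policy permit-all then permit
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside match source-address inside1-network
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside match destination-address sp-routers
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside match application yeslab-app-set
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside then permit
"""

LINE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"(?:match (source-address|destination-address|application) (\S+)|then (\S+))"
)

def parse_policies(text):
    """Group set-format lines into {(from, to, name): {"match": ..., "action": ...}}."""
    policies = defaultdict(lambda: {"match": defaultdict(set), "action": None})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a security-policy match/then line
        src, dst, name, field, value, action = m.groups()
        entry = policies[(src, dst, name)]
        if field:
            entry["match"][field].add(value)
        elif action in ("permit", "deny", "reject"):
            entry["action"] = action  # ignore "then log ..." and similar
    return policies

def find_any_fields(text):
    """Return {(from, to, name): [match fields set to 'any']} for permit policies."""
    findings = {}
    for key, p in parse_policies(text).items():
        wide = sorted(f for f, vals in p["match"].items() if "any" in vals)
        if p["action"] == "permit" and wide:
            findings[key] = wide
    return findings

if __name__ == "__main__":
    for (src, dst, name), fields in find_any_fields(SAMPLE).items():
        print(f"{src} -> {dst} policy {name}: 'any' in {', '.join(fields)}")
```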


View policies

show security policies

show security policies detail

show security policies from-zone inside1 to-zone outside


View flow sessions

show security flow session