Visitor
AXington
Posts: 2
Registered: ‎04-04-2012
0

noob question: Pulling configurations in CLI

I'm trying to pull the configuration of the firewall through the CLI, but I've not been able to find a command to do so. Is it actually possible?

Distinguished Expert
muttbarker
Posts: 2,285
Registered: ‎01-29-2008
0

Re: noob question: Pulling configurations in CLI

[ Edited ]

Lots of different ways - one of the easiest is just to ftp to a server:

save ftp://user:pass@1.1.1.1/filename

You can also automate the process to execute on commit, etc.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Visitor
AXington
Posts: 2
Registered: ‎04-04-2012
0

Re: noob question: Pulling configurations in CLI

Not exactly what I'm looking for. What I'm trying to do is retrieve the current configuration of the firewall that's on the box (SRX210) and analyze that data for security metrics. I want to see a list of open ports, allowed protocols, etc. I'd prefer to get it as an XML document so that I can parse all that data out of it.

Visitor
omoulton@adaptcom.com
Posts: 1
Registered: ‎03-29-2011
0

Re: noob question: Pulling configurations in CLI

Try show configuration | display xml. Adding | no-more will eliminate the ---(more)--- prompts.

Recognized Expert
JunOS_Fan
Posts: 241
Registered: ‎02-13-2012
0

Re: noob question: Pulling configurations in CLI

Hi,

 

To see the complete configuration: "root@srx> show configuration"

To see the list of open ports (like netstat -a output), you may use "show system connections" in operational mode. If you need the XML output, use | display xml, as mentioned in the previous reply.

On the SRX, if you want to see which protocols/services are enabled for inbound traffic, you may use "show interfaces <int-name> extensive" and look for host-inbound-traffic.

Best regards
Pradeep (JNCIP-SEC,ENT,SP)
www.networker.co.in
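
An added example, not from any poster in this thread and not Juniper code: a Python script that reads saved "show configuration | display xml" output and lists the host-inbound-traffic services and protocols per zone and interface, plus permit policies that match any source, destination and application. The sample XML is constructed, and its element names are an assumption modelled on SRX output.

```python
import xml.etree.ElementTree as ET

# Constructed sample, cut down to the elements read below. Layout is assumed from
# "show configuration | display xml" on an SRX; check it against your own output.
SAMPLE = """<rpc-reply xmlns:junos="http://xml.juniper.net/junos/X.Y/junos">
<configuration junos:commit-user="admin"><security>
 <zones><security-zone><name>untrust</name>
  <host-inbound-traffic><system-services><name>ssh</name></system-services>
   <protocols><name>ospf</name></protocols></host-inbound-traffic>
  <interfaces><name>ge-0/0/0.0</name><host-inbound-traffic>
   <system-services><name>telnet</name></system-services>
  </host-inbound-traffic></interfaces></security-zone></zones>
 <policies><policy><from-zone-name>untrust</from-zone-name><to-zone-name>trust</to-zone-name>
  <policy><name>allow-all</name><match><source-address>any</source-address>
   <destination-address>any</destination-address>
   <application>any</application></match><then><permit/></then></policy>
  <policy><name>web</name><match><source-address>any</source-address>
   <destination-address>dmz-web</destination-address>
   <application>junos-https</application></match><then><permit/></then></policy>
 </policy></policies></security></configuration></rpc-reply>"""

def load(xml_text):
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop any namespace prefix so paths stay simple
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root

def host_inbound(root):
    """(zone, interface or None, kind, name) for traffic allowed to the device itself."""
    rows = []
    for zone in root.iter("security-zone"):
        scopes = [(None, zone)] + [(i.findtext("name"), i) for i in zone.findall("interfaces")]
        for ifname, scope in scopes:
            for kind in ("system-services", "protocols"):
                for e in scope.findall(f"host-inbound-traffic/{kind}"):
                    rows.append((zone.findtext("name"), ifname, kind, e.findtext("name")))
    return rows

def broad_permits(root):
    """Permit policies whose source, destination and application are all 'any'."""
    fields, hits = ("source-address", "destination-address", "application"), []
    for ctx in root.findall(".//policies/policy"):
        for pol in ctx.findall("policy"):
            if pol.find("then/permit") is not None and all(
                    [e.text for e in pol.findall(f"match/{f}")] == ["any"] for f in fields):
                hits.append((ctx.findtext("from-zone-name"), ctx.findtext("to-zone-name"), pol.findtext("name")))
    return hits

if __name__ == "__main__":
    r = load(SAMPLE); print(host_inbound(r), broad_permits(r))
```

To run it on a real device's configuration, save the command output to a file and pass the file's text to load() in place of SAMPLE.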