noob question: Pulling configurations in CLI

04-04-2012 12:52 PM

I'm trying to pull the configuration of the firewall thru the CLI, I've not been able to find a command to do so. Is it actually possible?

4 REPLIES
Re: noob question: Pulling configurations in CLI

04-04-2012 01:19 PM

Lots of different ways - one of the easiest is just to ftp to a server:

save ftp://user:pass@1.1.1.1/filename

You can also automate the process to execute on commit, etc.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation


Re: noob question: Pulling configurations in CLI

04-05-2012 06:41 AM

Not exactly what I'm looking for. What I'm trying to do is retrieve the current configuration of the firewall that's on the box (SRX210) and analyze that data for security metrics. I want to see a list of open ports, allowed protocols, etc. I'd prefer to get it as an XML document so that I can parse all that data out of it.

Re: noob question: Pulling configurations in CLI

04-05-2012 08:39 AM

Try show configuration | display xml. Adding | no-more will eliminate the ---(more)--- prompts.

Re: noob question: Pulling configurations in CLI

04-06-2012 11:31 AM

Hi,

To see the complete configuration: "root@srx> show configuration"

To see the list of open ports (like netstat -a output), you may use "show system connections" in operational mode. If you need the XML output, use | display xml, as mentioned in the previous reply.

In SRX, if you want to see which protocols/services are enabled for inbound traffic, you may use "show interfaces <int-name> extensive" and look for host-inbound-traffic.

Regards,
Pradeep JNCIE-SEC
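
Added example (not part of the original thread, and not Juniper code): a Python sketch of the audit the original poster describes, reading saved "show configuration | display xml | no-more" output and listing host-inbound-traffic entries per zone and interface, plus permit policies that match application "any". The sample XML is constructed, and its element layout is an assumption based on typical SRX output; the function and variable names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the security stanza. The element layout is an
# assumption based on typical SRX "show configuration | display xml" output.
SAMPLE = """<rpc-reply><configuration><security><zones><security-zone>
<name>untrust</name>
<host-inbound-traffic><system-services><name>ssh</name></system-services></host-inbound-traffic>
<interfaces><name>ge-0/0/0.0</name><host-inbound-traffic>
  <system-services><name>http</name></system-services>
  <protocols><name>ospf</name></protocols></host-inbound-traffic></interfaces>
</security-zone></zones><policies><policy>
<from-zone-name>trust</from-zone-name><to-zone-name>untrust</to-zone-name>
<policy><name>allow-all</name><match><application>any</application></match>
  <then><permit/></then></policy>
<policy><name>web-only</name><match><application>junos-https</application></match>
  <then><permit/></then></policy>
</policy></policies></security></configuration></rpc-reply>"""

def local(tag):  # drop any "{namespace}" prefix so namespaced output also parses
    return tag.rsplit("}", 1)[-1]

def kids(elem, name):  # direct children with the given local name
    return [c for c in elem if local(c.tag) == name]

def texts(elem, name):  # text of direct children with the given local name
    return [c.text.strip() for c in kids(elem, name) if c.text]

def audit(xml_text):
    """Return (host_inbound, any_app_permits) from 'display xml' configuration text."""
    root = ET.fromstring(xml_text)
    inbound, permits = {}, []
    for zone in (e for e in root.iter() if local(e.tag) == "security-zone"):
        zname = texts(zone, "name")[0]
        scopes = [(zname, zone)]  # zone-level entry, then one entry per interface
        scopes += [(f"{zname}/{texts(i, 'name')[0]}", i) for i in kids(zone, "interfaces")]
        for label, node in scopes:
            for hit in kids(node, "host-inbound-traffic"):
                inbound[label] = sorted(n for kind in ("system-services", "protocols")
                                        for entry in kids(hit, kind) for n in texts(entry, "name"))
    for pair in (p for e in root.iter() if local(e.tag) == "policies" for p in kids(e, "policy")):
        zones = texts(pair, "from-zone-name") + texts(pair, "to-zone-name")
        for pol in kids(pair, "policy"):
            apps = [a for m in kids(pol, "match") for a in texts(m, "application")]
            if "any" in apps and any(kids(t, "permit") for t in kids(pol, "then")):
                permits.append((*zones, texts(pol, "name")[0]))
    return inbound, permits

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On SRX, host-inbound-traffic configured on an interface takes precedence over the zone-level setting, so both entries in the result are worth reviewing.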