CLI for Juniper Firewalls and routers.

Posted on 2009-04-17
Last Modified: 2013-11-16
I am looking for a CLI guide for Juniper FWs and routers.

Question by:besmile4ever
    LVL 18

    Expert Comment

    What version are you using on Screenos and Junos bud and I can help you out, but you may find it easier to have a look yourself at :

    LVL 67

    Expert Comment

    The CLI reference itself and the help feature are your best friends. If you type a part of a command, then question mark, a command summary appears for matching commands or arguments. Pressing tab instead expands the command, if unique, or lists a choice of matching key words.

    Author Comment

    Hi all,
    agree with u Qlemo but some times u need more deeply technical commands to do it. For example u need to trace certain IP by applying filter on the firewall.
    how it can be done in an easy steps?
    LVL 67

    Expert Comment

    Are you asking how to issue related commands, or how to get the syntax for them? Some commands are "hidden", i.e. no help given by default.

    For IP debugging, following commands are usefull:
    set ffilter          - filter debug output based on src-/dst- ip/port or protocol
    snoop             - configure filter for packet capture, or start/stop capture
    ... fprofile ...     - create a complete traffic profile, which can be analyzed later by e.g. dst port

    for getting a complete syntax overview, have a look at
    get cm 0
    get cm 1
    get cm 5

    This gives you all variations of possible CLI commands - expect to read megabytes on text :-) Can't remember exactly, but I think you can even use the keyword "hidden" after the above commands to reveal even more "usefull" commands.


    Author Comment

    Good Qlemo,
    is there ny online resource for such commands...or at least check list?
    LVL 67

    Accepted Solution

    I did not come across an in-dept debugging command list yet. However, there are sites which cover the basics in part, like:

    Hidden Commands (2002):
    Flow Filter:

    If you search Internet for "ScreenOS debug", you will get a lot of such links.
    LVL 67

    Expert Comment


    Featured Post

    Live: Real-Time Solutions, Start Here

    Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

    Join & Write a Comment

    If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
    The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now