Keeping the commands below for my own use; I picked them all up from the current "Mingjiao Jiaozhu" (明教教主) at yeslab...

Restore the factory-default configuration

load factory-default

Upgrade the OS

request system software add validate reboot ftp://1.1.1.1/jinstall-10.0r4.7-export-signed

Reboot the system

run request system reboot

View interface status

run show interfaces terse

Enter the shell

run start shell

Use a pipe to match a specific keyword

>show interfaces detail | match fe-0/0/0

Help information

>help reference security policy-security

Search for commands

>help apropos security

#help apropos security

Traditional set-style configuration

set interfaces fe-0/0/0.1 family inet address 1.1.1.1/24

show interfaces fe-0/0/0.1 family inet

address 1.1.1.1/24

edit-style configuration:

edit interfaces fe-0/0/0.1 family inet

set address 1.1.1.2/24

Moving between hierarchy levels

edit interfaces fe-0/0/0

up

View the configuration in set format

show | display set

View the differences between the candidate (to-be-committed) configuration and the current configuration

show | compare

View the configurations available for rollback

rollback ?

Clear uncommitted configuration

clear system commit

Configure an IP address on interface fe-0/0/0.0

edit interfaces fe-0/0/0.0

set family inet address 202.100.1.10/24

Put interface fe-0/0/0.0 into the outside zone

edit security zones security-zone outside

set interfaces fe-0/0/0.0

commit

run ping 202.100.1.10

Put interface fe-0/0/1.0 into vlan3

edit interfaces fe-0/0/1.0

set family ethernet-switching vlan members 3

Configure an interface address on vlan.3, the SVI interface of vlan3

edit interfaces vlan.3

set family inet address 202.100.2.10/24

Put vlan.3 into the outside zone

edit security zones security-zone outside

set interfaces vlan.3

View utilization statistics

show system processes extensive

Restart a system process

restart chassis-control gracefully

Change the password

set system root-authentication plain-text-password

Configure a static route

edit routing-options static

set route 202.100.100.0/24 next-hop 202.100.1.1

View the routing table

show route

Configure a default route

edit routing-options static

set route 0/0 next-hop 202.100.1.1

Configure a security policy that permits all traffic from inside1 to outside

edit security policies from-zone inside1 to-zone outside

edit policy permit-all

set match source-address any

set match destination-address any

set match application any

set then permit

exit

commit

Configure the address-book for the outside zone

edit security zones security-zone outside

set address-book address sp1-router 202.100.1.1/32

set address-book address sp2-router 202.100.2.1/32

Reference the address-book in a security policy

edit security policies from-zone inside1 to-zone outside

delete policy permit-all

edit policy permit-all-use-address-book

set match source-address inside1-network

set match destination-address sp-routers

set match application any

set then permit

applications configuration

edit applications application tcp-3032

set protocol tcp destination-port 3032

Configure an applications application-set

edit applications application-set yeslab-app-set

set application tcp-3032

Reference the application in a security policy

edit security policies from-zone inside1 to-zone outside

delete policy permit-all-use-address-book

edit policy permit-inside1-to-outside

set match source-address inside1-network

set match destination-address sp-routers

set match application yeslab-app-set

set then permit

View policies

show security policies

show security policies detail

show security policies from-zone inside1 to-zone outside
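
A way to check the policy steps above offline, as an added example that is not part of the original notes: the Python script below reads `show | display set` output and reports permit policies that match any/any/any, as well as policies that reference an address name missing from the zone's address-book. The sample input is constructed from the commands in these notes (with permit-all left in place to show both checks), and it assumes addresses are defined in zone-attached address books.

```python
import re
from collections import defaultdict

# Constructed sample: the page's zone and policy commands in `show | display set` form.
SAMPLE = """\
set security zones security-zone outside address-book address sp1-router 202.100.1.1/32
set security zones security-zone outside address-book address sp2-router 202.100.2.1/32
set security policies from-zone inside1 to-zone outside policy permit-all match source-address any
set security policies from-zone inside1 to-zone outside policy permit-all match destination-address any
set security policies from-zone inside1 to-zone outside policy permit-all match application any
set security policies from-zone inside1 to-zone outside policy permit-all then permit
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside match source-address inside1-network
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside match destination-address sp-routers
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside match application yeslab-app-set
set security policies from-zone inside1 to-zone outside policy permit-inside1-to-outside then permit
"""

# Assumption: addresses live in zone-attached address books, as in the page's commands.
ADDR = re.compile(r"set security zones security-zone (\S+) address-book (?:address|address-set) (\S+)")
POLICY = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (?:match (\S+)|then) (\S+)")
MATCH_FIELDS = ("source-address", "destination-address", "application")

def audit(config):
    """Return (policy, finding) pairs for permit policies that are too broad or dangling."""
    book = defaultdict(set)                           # zone -> defined address names
    policies = defaultdict(lambda: defaultdict(set))  # (from, to, name) -> field -> values
    for line in config.splitlines():
        if m := ADDR.match(line):
            book[m[1]].add(m[2])
        elif m := POLICY.match(line):
            policies[(m[1], m[2], m[3])][m[4] or "then"].add(m[5])
    findings = []
    for (src, dst, name), fields in policies.items():
        if "permit" not in fields["then"]:
            continue
        if all(fields[k] == {"any"} for k in MATCH_FIELDS):
            findings.append((name, "permits any source, destination and application"))
        for field, zone in (("source-address", src), ("destination-address", dst)):
            for addr in sorted(fields[field] - {"any"} - book[zone]):
                findings.append((name, f"{field} {addr} is not defined in zone {zone}"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

The two dangling-reference findings reflect that these notes use inside1-network and sp-routers without showing where they are defined.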

View flow sessions

show security flow session