Juniper SRX cheat sheet

Juniper SRX cheat sheet

After cli command we can enter to:

Operational MODE:


Save rescue config

To get back to rescue config:

Delete uncommitted commands

Show CPU, mem, and temperature

Show int traffic

Restart a process

Reboot router

Clean UP

Configurational MODE:

Turning off  smth

Load factory default config

Set root pass

Create new user

Turn on WEB

Turn on ssh


Change one port to the another

Change IP address without deleting it:

Copy a part of config to the another branch:

Go to top level:

Enter operational commands while editing:

Check config without commit:

Commit at the time:

Cancel commit at the time:

Commit to the rollback in time:


To see changes without committing:


Add ports to  VLAN:


Security zones:

Allow all host traffic in trust

Allow all host protocols in trust

Add interfaces in trust

Create trust-to-trust policy:


Site-to-site IPSec between Juniper and Cisco through Mikrotik’s NAT

Site-to-site IPSec between Juniper and Cisco through Mikrotik’s NAT

Since my company has been using Cisco and Juniper network equipment we have a lot of IPSec tunnels to remote branches. To achieve some sort of high-availability we have decided to implement one of the IPSec tunnels over an LTE network.

To do so we bought Mikrotik wAP LTE kit to get connected to an LTE network and obtained a public IP address from a mobile data operator.

So.. we have:

  1. Cisco ISR in the DC with public IP address
  2. Mikrotik wAP LTE with public IP address
  3. Juniper SRX100 in the branch with private address connected to Mikrotik

Cisco ISR config

Tunnel interface:

IPSec config:


Juniper SRX config

Adding to zone and allowing IKE on the interface:


Mikrotik config


IPsec debug on SRX

To debug IPSec on Juniper you can use this commands:

Phase 1

Phase 2