show configuration groups junos-defaults applications
show groups junos-defaultsshow system inforequest high-availability state suspend // Fail master to peer and set to ineligible
request high-availability state functional // Set device back as eligible
show high-availability state // View current HA state
show high-availability link // View current HA link state
show high-availability all // View high-availability state information
show high-availability control-link // View the control link statistics
show high-availability state-synchronization // View the synchronization state to the peer deviceset cli pager off
set cli config-output-format setNotes:
- These commands may not output in order so cannot be relied on when implementing to a blank configuration
show vpn flow // View active tunnels
show vpn flow tunnel-id <id> // More information about the tunnel from above
show vpn ike-sa
show vpn ipsec-sa
clear vpn ike-sa <gateway-name>
clear vpn ipsec-sa <tunnel name>
test vpn ike-sa gateway <gateway-name>
test vpn ipsec-sa tunnel <tunnel name>show system state | match chassis.ledstest nat-policy-match source <source> destination <dest> protocol 6 destination-port <tcp port>
test security-policy-match source <source> destination <dest> protocol 6 destination-port <tcp port>request high-availability state suspend !! passive firewall
Upgrade passive to 4.1.7
request high-availability state suspend !! Current old version active firewall
request high-availability state functional !! Newly upgraded firewall (Outage until this command completes)
Upgrade old active firewall to 4.1.7
request high-availability state functional - Newly upgraded firewallNotes:
- HA processes can take up to 5 minutes to start up after reboot
test url <url>show system setting ssl-decrypt exclude-cache !! View cache of urls to NOT decrypt
set ssl decrypt ssl-exclude <url>
delete ssl decrypt ssl-exclude <url>