show configuration groups junos-defaults applications
show groups junos-defaults

[ # ]

show system info

[ # ]

request high-availability state suspend                     // Fail master to peer and set to ineligible
request high-availability state functional                    // Set device back as eligible
show high-availability state                        // View current HA state
show high-availability link                            // View current HA link state 
show high-availability all                             // View high-availability state information
show high-availability control-link                     // View the control link statistics
show high-availability state-synchronization         // View the synchronization state to the peer device

[ # ]

set cli pager off
set cli config-output-format set

Notes:

  • These commands may not output in order so cannot be relied on when implementing to a blank configuration

[ # ]

show vpn flow  // View active tunnels
show vpn flow tunnel-id <id>  // More information about the tunnel from above

show vpn ike-sa
show vpn ipsec-sa

clear vpn ike-sa <gateway-name>
clear vpn ipsec-sa <tunnel name>

test vpn ike-sa gateway <gateway-name>
test vpn ipsec-sa tunnel <tunnel name>

Documentation

[ # ]

show system state | match chassis.leds

[ # ]

test nat-policy-match source <source> destination <dest> protocol 6 destination-port <tcp port>
test security-policy-match source <source> destination <dest> protocol 6 destination-port <tcp port>

Documentation

[ # ]

request high-availability state suspend    !! passive firewall
Upgrade passive to 4.1.7

request high-availability state suspend   !! Current old version active firewall
request high-availability state functional   !! Newly upgraded firewall (Outage until this command completes)
Upgrade old active firewall to 4.1.7

request high-availability state functional - Newly upgraded firewall

Notes:

  • HA processes can take up to 5 minutes to start up after reboot

[ # ]

test url <url>

[ # ]

show system setting ssl-decrypt exclude-cache        !! View cache of urls to NOT decrypt
set ssl decrypt ssl-exclude <url>
delete ssl decrypt ssl-exclude <url>

Documentation

[ # ]