Juniper SRX - View CPU Usage

show system processes summary
show system processes extensive

* Summary will provide a brief overview with the top 3 processes
* Extensive includes all processes


Checkpoint - cp_conf Command Reference

cp_conf client get        !! View configured GUI clients
cp_conf client add <ip>   !! Add a client to the current GUI clients list
cp_conf client del <ip> <ip> <etc>    !! Delete 1+ GUI clients
cp_conf client createlist <ip> <ip> <etc>     !! Create a new GUI list (will overwrite the old) and add 1+ GUI clients

cp_conf admin get         !! View configured administrators
cp_conf admin add <user> <pass> <a|w|r>   !! Add new admin user, a - read/write/manage admins, w - read/write, r - read only
cp_conf admin del <user> <user>     !! Delete 1+ admin users

cp_conf sic state         !! View current SIC status
cp_conf sic <key>         !! Initialize SIC state
cp_conf sic cert_pull <management-server> <object>      !! Pull the certificate of a DAIP object

cp_conf finger get        !! View the management server fingerprint

cp_conf lic get           !! View licenses
cp_conf lic add -f <file>   !! Add license from license file
cp_conf lic add -m <host> <date> <license-key> <SKU>      !! Add license manually
cp_conf lic del <signature-key>     !! Remove a license

cp_conf ha <enable|disable> [norestart]   !! Enable/Disable HA. Add 'norestart' to the command to keep the device from performing a cpstop;cpstart
cp_conf sxl <enable|disable>      !! Enable/Disable SecureXL

cp_conf snmp get        !! View current status of the SNMP module
cp_conf snmp <enable|disable>     !! Enable/Disable SNMP

Juniper Netscreen - Disable Specific Log Messages

set log exclude-id <#> user-id <username> event-type <event-id> src-ip <ip> src-netmask <netmask> dst-ip <ip> dst-netmask <netmask> dst-port <port> <success|failure>

You can set any of the above options to attempt to hide specific log messages. For instance, let's assume I wanted to stop logging the following admin login messages:

Feb 10 00:00:01 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: ADM: Local admin authentication successful for login name admin (2014-02-10 00:00:01)

The following suppresses all successful logins with message ID 00519 for the 'admin' user:

set log exclude-id 1 user-id "admin" event-type 519 success


  • ScreenOS version 6.2+ required
  • A maximum of 10 exclude rules are allowed
More Information: Documentation
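
Because exclude rules remove events from the log, they are worth reviewing whenever a saved configuration is audited. The following is an added example, not part of the original post: it parses `set log exclude-id` lines from a configuration export and reports rules that suppress watched event IDs. The watch list and the sample configuration are assumptions constructed for illustration.

```python
import shlex

# Options from the syntax line above that take one value each.
VALUE_OPTS = {"user-id", "event-type", "src-ip", "src-netmask",
              "dst-ip", "dst-netmask", "dst-port"}
# Assumption: watch list seeded with the admin-login ID from the page's example.
WATCHED_EVENTS = {"519"}

def parse_exclude_rules(config_text):
    """Return one dict per 'set log exclude-id' line in a saved configuration."""
    rules = []
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)      # handles quoted values such as "admin"
        except ValueError:                  # unbalanced quotes on an unrelated line
            continue
        if tokens[:3] != ["set", "log", "exclude-id"] or len(tokens) < 4:
            continue
        rule, rest, i = {"id": tokens[3], "result": "any"}, tokens[4:], 0
        while i < len(rest):
            if rest[i] in VALUE_OPTS and i + 1 < len(rest):
                rule[rest[i]] = rest[i + 1]
                i += 2
                continue
            if rest[i] in ("success", "failure"):
                rule["result"] = rest[i]
            i += 1
        rules.append(rule)
    return rules

def review(rules):
    """Return (rule id, event, user, result) for rules hiding watched events."""
    findings = []
    for rule in rules:
        event = rule.get("event-type", "").lstrip("0")   # 00519 and 519 match
        if event in WATCHED_EVENTS:
            findings.append((rule["id"], event, rule.get("user-id", "any"), rule["result"]))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = '''set hostname LocalFirewall
set log exclude-id 1 user-id "admin" event-type 519 success
set log exclude-id 2 src-ip 192.0.2.10 src-netmask 255.255.255.255 dst-port 53
'''

if __name__ == "__main__":
    for finding in review(parse_exclude_rules(SAMPLE)):
        print("suppressed:", finding)
```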

Packetbin Update - 2014 / 01

Hello all,

You may have noticed changes to the URLs and the site in general. We are working on moving Packetbin from a custom-built CMS to Drupal. There are a few reasons for this:

  1. Comments are now a possibility. Comments may have worked on the old version but would have taken a bit too much time to implement compared to moving to a proper CMS engine.
  2. Easier user management
  3. Added functionality for submitters

There are many other features that make the move a good idea but the above 3 were some of the large reasons for this move. Please excuse any issues you may notice with the site or theme. If you have some suggestions, thoughts, or notice any bugs, please feel free to comment here.

It's important to note that the Scripts page has been renamed to 'Projects'. The scripts under this page have also had their URLs rewritten. I apologize if this breaks any bookmarks.

In the near future, there will also be a redesign of Packetbin. It's not likely to be too drastic but things will be changing a bit. We are still looking to find a good icon/logo for Packetbin, so if you have any thoughts, please feel free to comment here.

Packetbin Administration

Checkpoint - Gaia - Complete First Time Configuration Through Command Line

config_system -t <file>     # Create a blank template file for editing
config_system -f <file>     # Load settings for first time configuration from file
config_system -s "install_security_gw=true&<etc>"  # Load settings via string instead of file

install_security_gw=<true|false>     # $TAG_GW - Install security gateway?
install_ppak=<true|false>        # $TAG_PPAK - Install Performance Pack?
gateway_daip=<true|false>        # DAIP - Dynamic IP? This should be false if ClusterXL or this is a management server ($TAG_MGMT)
gateway_cluster_member=<true|false>    # ClusterXL - Enable ClusterXL?

install_security_managment=<true|false>        # $TAG_MGMT - Install management server?
install_mgmt_primary=<true|false>            # Optional Parameter - Primary Management Server? - Only this or the following can be true. Both cannot be true
install_mgmt_secondary=<true|false>            # Optional Parameter - Secondary Management Server? - Only this or the above can be true. Both cannot be true

install_mds_primary=<true|false>    # Primary MDS? - Only this or the following can be true. Both cannot be true
install_mds_secondary=<true|false>    # Secondary MDS? - Only this or the above can be true. Both cannot be true
install_mlm=<true|false>            # Install Multi-Customer Log Manager?
install_mds_interface=<interface>    # Define the MDS interface to use

mgmt_admin_name=<name>                # GUI Client Admin Name
mgmt_admin_passwd=<password>        # GUI Client Admin Password
mgmt_gui_clients_radio=<any|range|network|this>         # Choose "this" for a single IP address
mgmt_gui_clients_first_ip_field=<ip>                # If "range" chosen for mgmt_gui_clients_radio
mgmt_gui_clients_last_ip_field=<ip>                    # If "range" chosen for mgmt_gui_clients_radio
mgmt_gui_clients_ip_field=<ip>                        # If "network" chosen for mgmt_gui_clients_radio
mgmt_gui_clients_subnet_field=<0-32>                # If "network" chosen for mgmt_gui_clients_radio (this is the CIDR)
mgmt_gui_clients_hostname=<ip>                        # If "this" chosen for mgmt_gui_clients_radio
ftw_sic_key=<blah>                                    # SIC password

admin_hash=<hash>                    # Optional Parameter - Set the admin password hash (can be grabbed from the firewall by running 'grep admin /etc/shadow | cut -d: -f2')
iface=<interface>                    # Optional Parameter - Management interface name
ipaddr_v4=<ipv4>                    # Management interface IP address (if this overrides the current IP, the current IP will be kept as a secondary address so that we don't lose access. This IP will need to be deleted after configuration)
masklen_v4=<0-32>                    # Management interface netmask (CIDR)
ipaddr_v6=<ipv6>                    # Management interface IPv6 address
masklen_v6=<ipv6>                    # Management interface IPv6 subnet
hostname=<name>                        # Optional Parameter - Device Hostname
timezone='<ETC/GMT-5/etc>'            # Optional Parameter - Set the timezone
domainname=<>            # Optional Parameter
ntp_primary=<ip>                    # Optional Parameter
ntp_primary_version=<version>        # Optional Parameter
ntp_secondary=<ip>                    # Optional Parameter
ntp_secondary_version=<version>        # Optional Parameter
primary=<ip>                        # Optional Parameter - DNS Server IP
secondary=<ip>                        # Optional Parameter - DNS Server IP
tertiary=<ip>                        # Optional Parameter - DNS Server IP


  • Add --dry-run to test configuration settings before implementation
  • A reboot will be required to complete the configuration
More Information: Documentation
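
The parameter list above carries several constraints (mutually exclusive primary/secondary flags, DAIP versus ClusterXL or management, and the fields each GUI client choice requires). The following is an added example, not Check Point's code or part of the original post: it checks a settings string or file against those stated constraints before it is handed to `config_system`. The function names and the sample string are hypothetical, and the parser assumes comments occupy whole lines.

```python
# Pairs the parameter list above says cannot both be true.
EXCLUSIVE = [("install_mgmt_primary", "install_mgmt_secondary"),
             ("install_mds_primary", "install_mds_secondary")]
# Fields the list ties to each mgmt_gui_clients_radio choice.
GUI_FIELDS = {"any": [], "this": ["mgmt_gui_clients_hostname"],
              "range": ["mgmt_gui_clients_first_ip_field", "mgmt_gui_clients_last_ip_field"],
              "network": ["mgmt_gui_clients_ip_field", "mgmt_gui_clients_subnet_field"]}

def parse_settings(text):
    """Parse a one-line 'k=v&k=v' string or a file with one k=v per line."""
    text = text.strip()
    items = text.splitlines() if "\n" in text else text.split("&")
    settings = {}
    for item in (i.strip() for i in items):
        if item and not item.startswith("#") and "=" in item:
            key, value = item.split("=", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings

def is_true(settings, key):
    return settings.get(key, "false").lower() == "true"

def validate(settings):
    problems = []
    for a, b in EXCLUSIVE:
        if is_true(settings, a) and is_true(settings, b):
            problems.append(f"{a} and {b} cannot both be true")
    static_only = ("gateway_cluster_member", "install_security_managment")  # page's spelling
    if is_true(settings, "gateway_daip") and any(is_true(settings, k) for k in static_only):
        problems.append("gateway_daip must be false with ClusterXL or management")
    radio = settings.get("mgmt_gui_clients_radio")
    if radio is not None and radio not in GUI_FIELDS:
        problems.append(f"mgmt_gui_clients_radio={radio} is not a listed choice")
    for field in GUI_FIELDS.get(radio, []):
        if not settings.get(field):
            problems.append(f"{field} is required for mgmt_gui_clients_radio={radio}")
    for key in ("masklen_v4", "mgmt_gui_clients_subnet_field"):
        value = settings.get(key)
        if value is not None and not (value.isdigit() and int(value) <= 32):
            problems.append(f"{key}={value} is outside 0-32")
    return problems

# Constructed sample with four deliberate mistakes (192.0.2.0/24 is a documentation range).
BAD = ("install_security_gw=true&gateway_daip=true&gateway_cluster_member=true"
       "&install_mgmt_primary=true&install_mgmt_secondary=true"
       "&mgmt_gui_clients_radio=range&mgmt_gui_clients_first_ip_field=192.0.2.10"
       "&masklen_v4=33")
if __name__ == "__main__":
    print("\n".join(validate(parse_settings(BAD))))
```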

Cisco ASA - ESMTP TLS Inspection

policy-map type inspect esmtp tls-esmtp
  parameters
    allow-tls          !! let STARTTLS sessions pass through the ESMTP inspection
    no mask-banner     !! may only be required if you notice issues related to the banner

policy-map global_policy
  class inspection_default
    no inspect esmtp
    inspect esmtp tls-esmtp
More Information: Documentation

Juniper SRX - Capture 1

!! Create the capture
configure                              !! enter configuration mode; the set commands below are written from the top level
set security flow traceoptions file <captureFileName>
set security flow traceoptions flag basic-datapath
set security flow traceoptions flag packet-drops
set security flow traceoptions level 15
set security flow traceoptions packet-filter filter1 source-prefix <ip>
set security flow traceoptions packet-filter filter1 destination-prefix <ip>
set security flow traceoptions packet-filter filter2 source-prefix <ip>
set security flow traceoptions packet-filter filter2 destination-prefix <ip>
commit                                 !! traceoptions only take effect after a commit
run monitor start <captureFileName>

!! Kill the capture (from configuration mode)
run monitor stop <captureFileName>
run clear log <captureFileName>        !! Clear the log file
delete security flow traceoptions
commit
run file delete <captureFileName>