Jatp Cli Reference Guide

CLI Command Reference Guide
Modified: 2019-03-13
Copyright © 2019, Juniper Networks, Inc.

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States
and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective
owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.

Copyright © 2019 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.
ii Copyright © 2019, Juniper Networks, Inc.

Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Creating a Service Request with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Chapter 1 CLI Command Reference Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Typographical Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Accessing the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Hardware Appliance CLI Access via Keyboard and Monitor . . . . . . . . . . . 19
Configuration Wizard Command Prompt Progressions . . . . . . . . . . . . . . . . . 20
Hardware, Software and Virtual Appliance Access via SSH . . . . . . . . . . 22
CLI Help and Keyboard Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
SPECIAL CHARACTER REQUIREMENT . . . . . . . . . . . . . . . . . . . . . . . . . . 24
CLI Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
All-in-One CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Basic Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
CM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Core Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Server Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Collector Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Diagnosis Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
All-in-One CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
capture-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
cm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Copyright © 2019, Juniper Networks, Inc. iii

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
set honeypot (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
set traffic-monitoring (for JATP700 Appliances only) (collector
mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
set traffic-filter (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
set protocols (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
set proxy (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
set (diagnosis mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
set appliance-type (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
set ip interface (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
set (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
set system-alert (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
setupcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
show (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
show (core mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
show (diagnosis mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
updateimage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Configuration Wizard for the All-in-One Server . . . . . . . . . . . . . . . . . . . . . . . . 51
Core/CM Server CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
CM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Diagnosis Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
CoreCM CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
capture-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
cm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
set (core mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
set system-alert (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
iv Copyright © 2019, Juniper Networks, Inc.

Table of Contents
set (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

set appliance-type (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
setupcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
show (core mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
show (diagnosis mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
show (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
updateimage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Configuration Wizard for the CoreCM Server . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Mac OS X Engine CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Diagnosis Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Mac OS X Detection Engine CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 77
capture-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
histroy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
set (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
set (diagnosis mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
setupcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
show (core mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
show (diagnosis mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
show (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
updateimage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Configuration Wizard Command Prompt Responses . . . . . . . . . . . . . . . . . . . 93
Traffic Collector CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Collector Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Diagnosis Mode Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
Copyright © 2019, Juniper Networks, Inc. v

Traffic Collector CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

capture-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
set proxy (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
set honeypot (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
set protocols (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
set (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
set appliance-type (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
set traffic-filter (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
set traffic-monitoring (for JATP700 and JATP400 Appliances) (collector
mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
setupcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
show (diagnosis mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
show (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Configuration Wizard Command Prompt Progressions . . . . . . . . . . . . . . . . . 116
Glossary of Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
vi Copyright © 2019, Juniper Networks, Inc.

List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Chapter 1 CLI Command Reference Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Table 3: Table 4-1 Typographical Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Table 4: Table 1-1 Keyboard Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Table 5: capture-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Table 6: cm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Table 7: collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Table 8: copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Table 9: core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Table 10: diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Table 11: exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Table 12: gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Table 13: help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Table 14: history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Table 15: ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Table 16: ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Table 17: reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Table 18: restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Table 19: server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Table 20: set honeypot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Table 21: set traffic-monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Table 22: set traffic-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Table 23: set protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Table 24: set proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Table 25: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Table 26: set appliance-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Table 27: set ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Table 28: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Table 29: set system-alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Table 30: setupcheck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Table 31: show (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Table 32: show (collector mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Table 33: show (diagnosis mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Table 34: shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Table 35: traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Table 36: upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Table 37: updateimage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Table 38: wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Copyright © 2019, Juniper Networks, Inc. vii

Table 39: Configuration Wizard for All-in-One Server . . . . . . . . . . . . . . . . . . . . . . . 51

Table 40: capture-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Table 41: cm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Table 42: core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Table 43: copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Table 44: diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Table 45: exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Table 46: gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Table 47: help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Table 48: history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Table 49: ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Table 50: ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Table 51: reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Table 52: restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Table 53: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Table 54: server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Table 55: set system-alert . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Table 56: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Table 57: set appliance-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Table 58: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Table 60: show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Table 61: show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Table 62: shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Table 64: upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Table 66: wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Table 68: copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Table 69: core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Table 70: diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Table 71: exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Table 72: gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Table 73: help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Table 74: history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Table 75: ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Table 76: ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Table 77: reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Table 78: restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Table 79: server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Table 80: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Table 81: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Table 83: show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Table 84: show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Table 85: shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
viii Copyright © 2019, Juniper Networks, Inc.

List of Tables
Table 88: upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Table 89: wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Table 91: collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Table 92: copy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Table 93: diagnosis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Table 94: exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Table 95: gssreport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Table 96: help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Table 97: history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Table 98: ifrestart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Table 99: ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Table 100: reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Table 101: restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Table 102: server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Table 103: set proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Table 104: set honeypot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Table 105: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Table 106: set protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
Table 107: set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Table 108: set appliance-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Table 109: set traffic-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Table 110: set traffic-monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Table 112: show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Table 113: show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Table 114: show . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Table 115: shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Table 116: traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Table 117: wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Table 118: Configuration Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Copyright © 2019, Juniper Networks, Inc. ix

x Copyright © 2019, Juniper Networks, Inc.

About the Documentation
• Documentation and Release Notes on page xi

• Documentation Conventions on page xi
• Documentation Feedback on page xiii
• Requesting Technical Support on page xiv
Documentation and Release Notes

®
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at https://www.juniper.net/books.
Documentation Conventions
Table 1 on page xii defines notice icons used in this guide.
Copyright © 2019, Juniper Networks, Inc. xi

Table 1: Notice Icons
Icon Meaning Description
Informational note Indicates important features or instructions.
Caution Indicates a situation that might result in loss of data or hardware damage.
Warning Alerts you to the risk of personal injury or death.
Laser warning Alerts you to the risk of personal injury from a laser.
Tip Indicates helpful information.
Best practice Alerts you to a recommended use or implementation.
Table 2 on page xii defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
Convention Description Examples
Bold text like this Represents text that you type. To enter configuration mode, type the
configure command:
user@host> configure
Fixed-width text like this Represents output that appears on the user@host> show chassis alarms
terminal screen.
No alarms currently active
Italic text like this • Introduces or emphasizes important • A policy term is a named structure
new terms. that defines match conditions and
• Identifies guide names. actions.
• Junos OS CLI User Guide
• Identifies RFC and Internet draft titles.
• RFC 1997, BGP Communities Attribute
Italic text like this Represents variables (options for which Configure the machine’s domain name:
you substitute a value) in commands or
configuration statements. [edit]
root@# set system domain-name
domain-name
xii Copyright © 2019, Juniper Networks, Inc.

Table 2: Text and Syntax Conventions (continued)
Convention Description Examples
Text like this Represents names of configuration • To configure a stub area, include the
statements, commands, files, and stub statement at the [edit protocols
directories; configuration hierarchy levels; ospf area area-id] hierarchy level.
or labels on routing platform • The console port is labeled CONSOLE.
components.
< > (angle brackets) Encloses optional keywords or variables. stub <default-metric metric>;
| (pipe symbol) Indicates a choice between the mutually broadcast | multicast

exclusive keywords or variables on either
side of the symbol. The set of choices is (string1 | string2 | string3)
often enclosed in parentheses for clarity.
# (pound sign) Indicates a comment specified on the rsvp { # Required for dynamic MPLS only
same line as the configuration statement
to which it applies.
[ ] (square brackets) Encloses a variable for which you can community name members [
substitute one or more values. community-ids ]
Indention and braces ( { } ) Identifies a level in the configuration [edit]

hierarchy. routing-options {
static {
route default {
; (semicolon) Identifies a leaf statement at a
nexthop address;
configuration hierarchy level.
retain;
}
}
}
GUI Conventions
Bold text like this Represents graphical user interface (GUI) • In the Logical Interfaces box, select
items you click or select. All Interfaces.
• To cancel the configuration, click
Cancel.
> (bold right angle bracket) Separates levels in a hierarchy of menu In the configuration editor hierarchy,
selections. select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You
can use either of the following methods:
• Online feedback system—Click TechLibrary Feedback, on the lower right of any page
on the Juniper Networks TechLibrary site, and do one of the following:
Copyright © 2019, Juniper Networks, Inc. xiii

• Click the thumbs-up icon if the information on the page was helpful to you.
• Click the thumbs-down icon if the information on the page was not helpful to you
or if you have suggestions for improvement, and use the pop-up form to provide
feedback.
• E-mail—Send your comments to techpubs-comments@juniper.net. Include the document

or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or Partner Support Service
support contract, or are covered under warranty, and need post-sales technical support,
you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,

review the JTAC User Guide located at
https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit

https://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: https://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: https://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
• Download the latest versions of software and review release notes:

https://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:

https://kb.juniper.net/InfoCenter/
xiv Copyright © 2019, Juniper Networks, Inc.

• Join and participate in the Juniper Networks Community Forum:

https://www.juniper.net/company/communities/
• Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.
• Visit https://myjuniper.juniper.net.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see

https://support.juniper.net/support/requesting-support/.
Copyright © 2019, Juniper Networks, Inc. xv

xvi Copyright © 2019, Juniper Networks, Inc.

CHAPTER 1
• Preface on page 17
• Introduction on page 19
• All-in-One CLI Commands on page 25
• Core/CM Server CLI Commands on page 52
• Mac OS X Engine CLI Commands on page 75
• Traffic Collector CLI Commands on page 95
• Glossary of Terms on page 118
Preface
This preface contains the following sections:
• About This Guide on page 17

• Organization on page 17
• Typographical Conventions on page 18
• Related Documentation on page 18
About This Guide

This guide describes the commands that make up the command-line interface (CLI) of
the Juniper ATP Appliance.
This guide is intended for system administrators responsible for deploying, operating,
and maintaining the Juniper ATP Appliance.
Organization
This guide is organized as follows:
• “Introduction” on page 19—Includes an overview of CLI usage, CLI Modes and

information about how to access the Juniper ATP Appliance Command Line Interface.
• “All-in-One CLI Commands” on page 25—Provides information about system commands

for updating the product boot images, setting configurations, and defining system-level
settings for Collector and Detection Engine interfaces and network deployment services.
Copyright © 2019, Juniper Networks, Inc. 17

• “Core/CM Server CLI Commands” on page 52—Provides information about commands

available to the Core and Central Manager for all hardware appliance, software
appliance, and virtual appliance models, including the commands used to manage
Detection Engines and Juniper ATP Appliance system configuration.
• “Mac OS X Engine CLI Commands” on page 75—Provides information about Mac Mini
Mac OS X Detection Engine-specific commands for configuration and status monitoring.
• “Traffic Collector CLI Commands” on page 95—Provides information about the Juniper
ATP Appliance Traffic Collector commands available for identifying, monitoring, and
configuring distributed Collector hardware, software and virtual appliances.
• “Glossary of Terms” on page 118—Provides a set Juniper ATP Appliance-specific as well

as cybersecurity industry terms and definitions.
Typographical Conventions
This guide uses the following typographical conventions for special terms and instructions.
Table 3: Table 4-1 Typographical Conventions
Convention Meaning Example
courier font Coding examples and text to be entered at Enter the following command:
the command prompt
Click server set dns
A left-mouse button click.
Click Download IVP to perform endpoint
infection verification.
Double-click A double-click of the left mouse button. Double-click the report name to open in
the integrated SIEM application.
Right-click A right mouse button click. Right-click on the icon to view its
properties.
< | > (text in angle brackets; items Option for selection of required parameter interfaces set stp <on | off >
separated by the pipe symbols) and/or value.
[ ] (text in square brackets) Optional parameters and values, with show device alarm [cpu_util | paging]
selection options separated by the pipe
or symbol.
[ | ] (text in square brackets, items

separated by pipe symbols)
Related Documentation
The following is a list of additional Juniper ATP Appliance documentation:
18 Copyright © 2019, Juniper Networks, Inc.

Chapter 1: CLI Command Reference Guide
• Juniper ATP Appliance Release Notes— Describes the latest release of the Juniper ATP
Appliance software.
• Juniper ATP Appliance Quick Start Guides— Quick Starts describe how to install and
initially configure a Juniper ATP Appliance; refer to the Quick Start for your device or
model.
• Juniper ATP Appliance Operator’s Guide— The Operator’s Guide describes usage of
all aspect of the Juniper ATP Appliance All-in-One or distributed defense system.
• Juniper ATP Appliance CEF/SYSLOG Support for SIEM — This guide provides
information about Juniper ATP Appliance CEF and Syslog Logging for SIEM.
• Juniper ATP Appliance Safety and Regulatory Guide—Contains conformance and safety
information for Juniper ATP Appliances.
• Juniper ATP Appliance HTTP API Reference Guide— Provides Juniper ATP Appliance
HTTP API functions and information about usage.
Introduction
This chapter explains how to use the Juniper ATP Appliance command line interface
(CLI) to configure and administer a Juniper ATP Appliance.
This chapter contains the following sections:
• Accessing the CLI on page 19

• Configuration Wizard Command Prompt Progressions on page 20
• CLI Help and Keyboard Shortcuts on page 22
• CLI Modes on page 24
Accessing the CLI
Hardware Appliance CLI Access via Keyboard and Monitor
1. Connect the end of the keyboard cable to any of the USB ports on the back panel of
the appliance.
2. Connect the end of the video monitor cable to the VGA port on the back panel of the
appliance.
3. At the CLI prompt, enter your username and password. By default, the admin user
name is admin and the password is 1JATP234.
Be sure to change the default password for the admin account after initial setup; the
password must be at least 8 characters in length.
4. To launch the configuration wizard, enter the command wizard.

Configuration Wizard Command Prompt Progressions
NOTE: Enter CTRL-C to exit the Configuration Wizard at any time. If you exit
without completing the configuration, you will be prompted again whether
to run the Configuration Wizard.
You may also rerun the Configuration Wizard at any time with the CLI
command wizard.
Configuration Wizard Prompts Customer Response from Customer Response from Core Customer Response
All-in-One or Mac Mini from Collector
Use DHCP to obtain the IP We strongly discourage the use We strongly discourage the use We strongly discourage
address and DNS server address of DHCP addressing because it of DHCP addressing because it the use of DHCP
for the administrative interface changes dynamically. A static changes dynamically. A static addressing because it
(Yes/No)? IP address is preferred. IP address is preferred. changes dynamically. A
static IP address is
NOTE: Only if your DHCP Recommended: Recommended: preferred.
response is no,enter the
following information when Respond with no: Respond with no: Recommended:
prompted:
a. Enter an IP address a. Enter an IP address Respond with no:
a. IP address b. Enter a netmask using the b. Enter a netmask using the
form 255.255.255.0. form 255.255.255.0. a. Enter an IP address
b. Netmask
c. Enter a gateway IP address. c. Enter a gateway IP address. b. Enter a netmask
c. Enter a gateway IP address
using the form
for this management d. Enter the DNS server IP d. Enter the DNS server IP
255.255.255.0.
(administrative) interface: address address
c. Enter a gateway IP
d. Enter primary DNS server IP e. If yes, enter the IP address e. If yes, enter the IP address
address.
address. of the secondary DNS of the secondary DNS
server. server. d. Enter the DNS server
e. Do you have a secondary
IP address
DNS Server (Yes/No). f. Enter yes if you want DNS f. Enter yes if you want DNS
lookups to use a specific lookups to use a specific e. If yes, enter the IP
f. Do you want to enter the
domain. domain. address of the
search domains?
secondary DNS
g. Enter the search domain g. Enter space domain(s) g. Enter space domain(s)
server.
(separate multiple search separated by spaces; for separated by spaces; for
example: example.com example: example.com f. Enter yes if you want
domains by space):
lan.com dom2.com lan.com dom2.com DNS lookups to use a
Restart the administrative specific domain.
interface (Yes/No)? Enter yes to restart with the Enter yes to restart with the g. Enter space
new configuration settings new configuration settings domain(s) separated
applied. applied. by spaces; for
example:
example.com
lan.com dom2.com
Enter yes to restart with

the new configuration
settings applied.

Enter a valid hostname (enter a Type a hostname when Type a hostname when Type a hostname when
unique name) prompted; do not include the prompted; do not include the prompted; do not include
domain; for example: domain; for example: the domain; for example:
NOTE: Only alpha-numeric
characters and hyphens (in the juniperatp1 juniperatp1 juniperatp1
middle of the hostname) are
allowed.
[OPTIONAL] If the system Refer to “Configuring an Refer to “Configuring an [Traffic Collectors do not
detects a Secondary Core with Alternate Analysis Engine Alternate Analysis Engine send or receive Core
an eth3 port, then the alternate Interface” in the Juniper ATP Interface” in the Juniper ATP analysis engine CnC
CnC exhaust option is displayed: Appliance Operator’s Guide for Appliance Operator’s Guide for network traffic, so no
more information. more information. eth2 interface is
Use alternate-exhaust for the needed.]
analysis engine exhaust traffic Enter yes to configure an Enter yes to configure an
(Yes/No)? alternate eth2 interface. alternate eth2 interface.
Enter IP address for the Enter the IP address for the Enter the IP address for the
alternate-exhaust (eth2) eth2 interface. eth2 interface.
interface:
Enter the eth2 netmask. Enter the eth2 netmask.
Enter netmask for the
alternate-exhaust (eth2) Enter the gateway IP address. Enter the gateway IP address.
interface: (example:
255.255.0.0) Enter the primary DNS server Enter the primary DNS server
IP Address for the IP Address for the
Enter gateway IP Address for alternate-exhaust (eth2) alternate-exhaust (eth2)
the alternate-exhaust (eth2) interface. interface.
interface: (example:10.6.0.1)
Enter yes or no to confirm or Enter yes or no to confirm or
Enter primary DNS server IP deny an eth2 secondary DNS deny an eth2 secondary DNS
Address for the server. server.
alternateexhaust (eth2)
interface: (example: 8.8.8.8) Enter yes or no to indicate Enter yes or no to indicate
whether you want to enter whether you want to enter
Do you have a secondary DNS search domain. search domain.
server for the alternate-exhaust
(eth2) interface?
Do you want to enter the search

domains for the
alternateexhaust (eth2)
interface?
NOTE: A complete network

interface restart can take more
than 60 seconds
Regenerate the SSL self-signed Enter yes to create a new SSL Enter yes to create a new SSL Not applicable to
certificate (Yes/No)? certificate for the Juniper ATP certificate for the Juniper ATP Collector.
Appliance Server Web UI. Appliance Server Web UI.
If you decline the selfsigned If you decline the selfsigned

certificate by entering no, be certificate by entering no, be
prepared to install a certificate prepared to install a certificate
authority (CA) certificate. authority (CA) certificate.

Enter the following server Enter Yes; the system will Enter Yes; the system will Enter Yes; the system
attributes: auto-set IP 127.0.0.1 as the auto-set IP 127.0.0.1 as the will auto-set IP 127.0.0.1
All-in- One IP address. All-in- One IP address. as the All-in- One IP
Is this a Central Manager device: address.
Enter the Juniper ATP Enter the Juniper ATP
Device Name: (must be unique) Appliance Collector Host Appliance Collector Host Enter the Juniper ATP
Name; this identifies the Name; this identifies the Appliance Collector Host
Device Description
Collector in the Web UI. Collector in the Web UI. Name; this identifies the
Collector in the Web UI.
Device Key PassPhrase
Enter a device Description Enter a device Description
Enter a device
NOTE: Remember this
Enter a user-defined Enter a user-defined Description
passphrase and use it for all
PassPhrase to be used to PassPhrase to be used to
distributed devices!
authenticate the Core to the authenticate the Core to the Enter a user-defined
Central Manager. Central Manager. PassPhrase to be used
to authenticate the Core
to the Central Manager.
Hardware, Software and Virtual Appliance Access via SSH
To access the Juniper ATP Appliance CLI over the management network:
1. Start a terminal window session and use the ssh command to access the appliance.
For example, if the IP address of the appliance is 10.1.1.2, enter the following command:
xssh admin@10.1.1.2
2. When prompted, enter your password. By default, the admin user name is admin and
the password is 1JATP234.
3. To launch the configuration wizard, enter the command wizard.
# wizard
See “Configuration Wizard Command Prompt Progressions” on page 20 for steps.
CLI Help and Keyboard Shortcuts

To display Juniper ATP Appliance CLI help, type the command help to display CLI keys
and auto-completion usage.
For context-sensitive help, alternatively, enter a “?” to display either a list of possible
command completions with summaries, or the full syntax of the current command. A
subsequent repeat of this key, when a command has been resolved, will display a detailed
reference, as described below.
• Enter “?” at the prompt to display a list of the available commands in the current mode.
• Enter “?” after you type a command to display its available options and parameters.
• Enter “?” after a partially typed keyword to display command matches for
auto-completions

You can enter commands in abbreviated form if you enter enough characters to uniquely
identify each keyword. For example, the show interface command can be abbreviated
as:
sh in
To identify a command’s minimum abbreviation, type a few characters then press Tab.
When you have entered enough characters, the keyword is completed.
The following table outlines the available CLI shortcuts.
Table 4: Table 1-1 Keyboard Shortcuts
Action Shortcut Description
Auto-Completion Enter, Tab or Space Key Completes a partial command during

typing if enough characters are typed to
uniquely identify it.
Recall Ctrl+P or ↑ Retrieve previous command from CLI

history.
Ctrl+N or ↓
Retrieve next command from CLI history.
Ctrl+L or Ctrl+R
Clear the screen or Redisplay the current
command line.
Delete Ctrl+D Delete character.
Ctrl+H Delete character before cursor

(Backspace).
Ctrl+K
Delete all characters from cursor to end
Ctrl+U or Ctrl+W of line.
Delete all characters or words on line.
Cursor move Ctrl+A Move cursor to start of line.
Ctrl+B Move cursor back a single character.
Ctrl+E Move cursor to end of line.
Ctrl+F Move cursor forward a single character.
Character Transpose Ctrl+T Transpose character at the cursor with

preceding character.
Interrupt output Ctrl+C Interrupt presentation of the CLI output.
Replace !! Substitute the last command line
!N Substitute the Nth command line

(absolute as per 'history' command)
!-N Substitute the command line entered N

lines before (relative)

Table 4: Table 1-1 Keyboard Shortcuts (continued)
Exit mode or logout exit Exit current mode or exit the CLI session.
SPECIAL CHARACTER REQUIREMENT
You must enclose non-alphabet characters in double quotes in CLI commands; for
example:
Juniper ATP Appliance(server)# set passphrase “kfe$nd#$^S”
CLI Modes
The CLI commands that you can enter depend on your user privileges and the CLI
command mode. User roles are “admin” and “debugging.” The following table describes
the CLI command mode.
Note that the prompt in each mode includes the host name of the Juniper ATP Appliance.
Mode Description How to Exit
Basic Mode Monitor system operation and issue basic system commands. This is the Enter exit to log out of the
default login mode. The following prompt is displayed: CLI.
JATP#
CM Mode Monitor system history and upgrades from the Core or vCore in cm Enter exit to leave cm
(Central Manager) mode. mode.
JATP_Hostname# cm
JATP_Hostname (cm)# ?
Core Configuration To access Core configuration mode in the Core/CM, All-in- One, and Mac Enter exit to leave server
Mode Mini, enter “core” in Basic mode. The prompt changes to indicate the mode.
mode in parentheses:
JATP_Hostname# core
JATP_Hostname (core)# ?
Collector Configuration Configure the Juniper ATP Appliance Collector (includes all commands). Enter exit to leave server
Mode To access Collector configuration mode, enter “collector” in Basic mode. mode.
The prompt changes to indicate the mode in parentheses:
JATP_Hostname# collector
JATP_Hostname (collector)# ?
Diagnosis Packet Check Initial Setup, Diagnose, Monitor, Set GSS, and Configure the Juniper Enter exit to leave
Capture, Monitoring, ATP Appliance (includes all commands). To access Diagnosis mode, diagnosis mode.
GSS Reporting and enter “diagnosis” in Basic mode. The prompt changes to indicate the
Configuration Mode mode in parentheses:
JATP_Hostname# diagnosis
JATP_Hostname (diagnosis)# ?

Server Configuration Set up and monitor the system (includes all Basic commands plus Enter exit to leave server
Mode server-specific commands). To access Server configuration mode, enter mode.
“server” in Basic mode. The prompt changes to indicate the mode in
parentheses:
JATP-Hostname# server
JATP-Hostname (server)# ?
Wizard Configuration Configure the system during installation and setup the management Enter exit to leave wizard
Mode network and connected Juniper ATP Appliance components. To access mode.
wizard configuration mode, enter “wizard” in Basic mode. The prompt
changes to indicate the mode in parentheses:
JATP-Hostname# wizard
JATP-Hostname (wizard)# ?
See Also • All-in-One CLI Commands on page 25
All-in-One CLI Commands
This chapter describes the administration commands for a Juniper ATP Appliance
All-in-One server appliance, software appliance or virtual appliance.
These commands are used to configure the Juniper ATP Appliance All-in-One appliance,
manage configurations, and set system-level settings for interfaces, network services,
and SIEM integration.
NOTE: You must enclose non-alphabet characters in double quotes in CLI

commands.
• Basic Mode Commands on page 25

• CM Commands on page 26
• Core Mode Commands on page 26
• Server Mode Commands on page 26
• Collector Mode Commands on page 27
• Diagnosis Mode Commands on page 27
• All-in-One CLI Commands on page 27
• Configuration Wizard for the All-in-One Server on page 51
Basic Mode Commands

Use general system commands to configure the appliance, view appliance history, enter
other CLI modes, obtain help with CLI syntax, and to exit the CLI session.
The general commands are:

• cm on page 29
• core on page 30
• collector on page 29
• diagnosis on page 31
• exit on page 31
• help on page 33
• history on page 33
• server on page 36
• wizard on page 50
Refer to the sections in this guide to review CM Mode, Collector Mode, Core Mode,
Diagnosis Mode, Server Mode and Wizard mode commands per device-- All-in-One,
CoreCM, Traffic Collector and Mac OS X Detection Engine on a Mac Mini.
CM Commands
• exit on page 31
• help on page 33
• upgrade on page 49
Core Mode Commands

• exit on page 31
• help on page 33
• show (core mode) on page 46
• updateimage on page 50
Server Mode Commands

• exit on page 31
• help on page 33
• ifrestart on page 34
• ping on page 34
• reboot on page 35
• restart on page 35
• [Unresolved xref]

• set appliance-type (server mode) on page 41
• set system-alert (server mode) on page 44
• set (server mode) on page 42
• shutdown on page 48
• traceroute on page 49
Collector Mode Commands

• exit on page 31
• help on page 33
• set honeypot (collector mode) on page 37
• set traffic-monitoring (for JATP700 Appliances only) (collector mode) on page 37
• set traffic-filter (collector mode) on page 38
• set protocols (collector mode) on page 38
• set proxy (collector mode) on page 39
• show (collector mode) on page 45
Diagnosis Mode Commands

• capture-start on page 28
• copy on page 30
• exit on page 31
• gssreport on page 32
• help on page 33
• set (diagnosis mode) on page 40
• setupcheck on page 44
• show (diagnosis mode) on page 47
All-in-One CLI Commands

• cm on page 29
• copy on page 30
• core on page 30

• exit on page 31
• help on page 33
• ping on page 34
• set traffic-monitoring (for JATP700 Appliances only) (collector mode) on page 37
• set ip interface (server mode) on page 41
capture-start
Table 5: capture-start
Description Starts packet capture as a means for diagnosing and debugging network traffic
and obtaining stats.
See Also:“diagnosis” on page 31 [mode]; “collector” on page 29[mode];“copy”

on page 30
Product(s) CLI All-in-One | Collector

Table 5: capture-start (continued)
Mode(s) Diagnosis
Syntax capture-start
Parameters <interface_name><IP address>
Sub-Commands None
Example The following example starts a packet capture process on interface eth1 for a
Traffic Collector with IP address 8.8.8.8:
hostname # diagnosis
hostname (diagnosis)# capture-start eth1 8.8.8.8
NOTE: Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a
host that the capture filters on.
cm
Table 6: cm
Description Enters cm (Central Manager) mode.
See Also: basic [mode];
Product(s) CLI All-in-One | Core
Mode(s) Basic
Syntax cm
Parameters None
Sub-Commands exit | help | history | upgrade
Example The following command example enters cm configuration mode:
hostname # cm
hostname (cm)#
collector
Table 7: collector
Description Enters the Collector configuration mode.
See Also: “server” on page 36[mode]
Mode(s) Basic

Table 7: collector (continued)
Syntax collector
Parameters None
Sub-Commands “exit” on page 31;“help” on page 33;“history” on page 33;“set (server mode)” on
page 42;“show (collector mode)” on page 45
Example The following example enters collector configuration mode:
hostname # collector
hostname (collector)# ?
copy
Table 8: copy
Description Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash)
data to a remote location, providing the same authentication and level of security
as an SSH transfer.
The copy traceback command, upon Customer Support's request, copies the
traceback files out of the box to a remote location.
See Also: “diagnosis” on page 31[mode]; “capture-start” on page 28
Product(s) CLI All-in-One | Collector | Core-CM | Mac OSX Engine
Mode(s) Diagnosis
Syntax copy capture <scp source_file_name username@destination_host:destination_folder>

| traceback {<tab> | ALL} <string URI as user@hostname:path
Parameters copy capture <scp remote filename_location>
copy traceback <ALL | filename>
copy traceback <tab> [tab displays all available crash filenames]
Sub-Commands None
Example The following example copies the file "Eth1.txt" from the local host to a remote host:
hostname (diagnosis)# copy capture Eth1.txt
admin@remotehost.edu:/some/remote/directory
core
Table 9: core
Description Enters core mode.

Table 9: core (continued)
Product(s) CLI All-in-One | Collector | Core | Mac OS X Detection Engine
Mode(s) Basic
Syntax core
Parameters None
Sub-Commands exit, help, history, show, updateimage
Example The following command example enters core configuration mode:
hostname # core
hostname (core)#
diagnosis
Table 10: diagnosis
Description Enters the Diagnosis configuration and status check mode.
See Also: collector [mode], server [mode]
Product(s) CLI All-in-One | Collector | Mac OS X Detection Engine
Mode(s) Basic
Syntax diagnosis
Parameters None
Sub-Commands “capture-start” on page 28;“copy” on page 30;“exit” on page 31;“gssreport” on

page 32;“help” on page 33;“history” on page 33;“set (server mode)” on
page 42;“setupcheck” on page 44;“show (diagnosis mode)” on page 47;“shutdown”
on page 48
Example The following example enters diagnosis configuration and status check mode:
hostname (diagnosis)# ?
exit
Table 11: exit
Description Ends the CLI session.
Product(s) CLI All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s) Basic | Core | Collector | Diagnosis | Server

Table 11: exit (continued)
Syntax exit
Parameters None
Example The following example ends a command mode or CLI session.
JATP# (diagnosis) exit
JATP#
JATP (core) exit
JATP# exit
gssreport
Table 12: gssreport
Description Use the gssreport command to submit reports to Juniper Global Security Services
(GSS), and to display the status of the current GSS report.
See Also:“gssreport” on page 32 ; “diagnosis” on page 31[mode]
Mode(s) diagnosis
Syntax gssreport status | submit
Parameters status - displays the status of the current GSS report.
submit - submits a report to Juniper ATP Appliance GSS.
Sub-Commands None
Example The following examples display the status of a GSS report submission:
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status

GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322:
successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259:
Last daily GSS report at 2015-07-28 10:34:28.225512:

help
Table 13: help
Description Displays information about the CLI help system.
Syntax help
Parameters None
Example The following example shows some of the output of the help command.
CONTEXT SENSITIVE HELP

[?] - Display context sensitive help. This is either a list of possible command
completions with summaries, or the full syntax of the current command. A
subsequent repeat of this key, when a command has been resolved, will display
a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line.
If the command prefix is not unique then the bell will ring and a subsequent
repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command.

If there is a syntax error then offending part of the command line will be highlighted
and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete
command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:

JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings
show firewall whitelist?
<cr>
show firewall whitelist
history
Table 14: history
Description Displays the current CLI session command line history.
Syntax history

Table 14: history (continued)
Parameters None
Example The following examples returns command line history for the current CLI session.
JATP# (core) history
ifrestart
Table 15: ifrestart
Description Restarts the interface driver and services using the interface.
Product(s) CLI All-in-One | Core CM | Mac Mini OS X Detection Engine
Mode(s) Server
Syntax ifrestart eth0 | eth1
Parameters
eth0 Restarts the management network administra interface.
eth1 Restarts the monitoring network interface.
Example The following example restarts the eth0 interface for the management network.
<FireEye_name># ifrestart eth0
ping
Table 16: ping
Description Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host
name or IP address to verify that the destination is reachable over the network.
Mode(s) Server
Syntax ping [-c count] [-h hops] [string]

Table 16: ping (continued)
Parameters
-ccount Number of echo requests to send. By default, pings ar continuou
Ctrl+C.
-hhops Number of next hops between pings (default is 1).
string IP address, hostname or interface name used to ping device ad
Example The following example sends three echo requests to the device with the IP Address
10.10.10.1
<FireEye_name># ping -c 3 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.

64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314 ms
64 bytes from v: icmp_req=3 ttl=64 time=0.274 m
--- 10.10.10.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022 ms
reboot
Table 17: reboot
Description Reboots the Juniper ATP Appliance.
Mode(s) Server
Syntax reboot
Parameters None
Example The following example reboots the system.
hostname# reboot
restart
Table 18: restart
Description Restarts Juniper ATP Appliance services.
Mode(s) Server
Syntax restart [all | behaviorengine | cm | collector | core | correlationengine | database |

ntpserver | sshserver | staticengine | webserver]

Table 18: restart (continued)
Parameters
all Restarts all Juniper ATP Appliance services.
behaviorengine Restarts the Behavioral Analysis Engine
cm Restarts the Central Manager Web UI service.
collector Restarts the Collector service.
core Restarts the Core Detection Engine.
correlationengine Restarts the Correlation Engine.
database Restarts the Database.
ntpserver Restarts the NTP server.
sshserver Restarts the SSH server.
staticengine Restarts the Static Analysis Engine.
webserver Restarts the web server.
Example The following example restarts the Central manager service.
JATP# restart cm
server
Table 19: server
Description Enters the server configuration mode.
See Also: “collector” on page 29
Product(s) CLI All-in-One | Collector | Core/CM | Mac Mini Mac OS X
Mode(s) Basic
Syntax server
Sub-Commands “exit” on page 31; “help” on page 33; “history” on page 33; “ifrestart” on page 34;
“ping” on page 34; “reboot” on page 35; [Unresolved xref]; “set (server mode)”
on page 42; “upgrade” on page 49
Whitelist rules rely on normal service shutdown to be backed up.Powering off a VM

directly will lose the whitelist state as rules cannot be saved in that case.
Example The following example enters server configuration mode:
hostname # server
hostname (server) # ?

set honeypot (collector mode)
Table 20: set honeypot
Description Enables and disables the SSH-Honeypot feature for a Traffic Collector.
A honeypot can be deployed within a customer network to detect network activity

generated by malware attempting to infect or attack other machines in a local area
network. These attempted SSH logins can be used to supplement detection of
lateral spread.
There are two parameters that can be set for a honeypot:
• Enable/disable a honeypot
• Set a Static IP (IP, mask, and gateway) or DHCP of a publicly addressable
interface
See Also: show honeypot command in “show (collector mode)” on page 45
Mode(s) collector
Syntax (collector)# set honeypot ssh-honeypot enable dhcp
(collector)# set honeypot ssh-honeypot enable address (IP address) netmask

(subnet IP) gateway (IP address)
(collector):# set honeypot ssh-honeypot disable
Example The following example enables the SMB parser for lateral detections:
(collector)# set honeypot ssh-honeypot enable address 1.2.3.4 netmask

255.255.0.0 gateway 1.2.3.1
NOTE: The static IP configuration does not require configuring DNS. Honeypots do
not require a DNS server at this time.
set traffic-monitoring (for JATP700 Appliances only) (collector mode)
Table 21: set traffic-monitoring
Description Sets the traffic monitoring interface on the JATP700
Mode(s) collector
Syntax # set traffic-monitoring-ifc 1gb_ifc
Set the traffic monitoring interface to be the 1G interface.
# set traffic-monitoring-ifc 10gb_ifc
NOTE: After making an interface type change, the system must be rebooted for
the change to take effect.

set traffic-filter (collector mode)
Table 22: set traffic-filter
Description Sets traffic filter rules to avoid analysis on a set of configured traffic, which cannot be made
retroactive; for example: any analysis skipped as a result of the filtering cannot be reversed.
This command can be applied to an entire network/subnet/ CIDR range.
See Also:“set (server mode)” on page 42;“show (diagnosis mode)” on page 47 [show
traffic-filter]
Mode(s) collector
Syntax set traffic-filter {add <rule_name> <domain> <sourceaddress> <destination-address>

<source-port> <destination-port> <protocol> | remove <rule_name>}
Parameters
traffic-filter add Adds a traffic filter rule where:
<RuleString> “RuleString” is the name of the rule
<Dom ainString> “DomainString” is the domain to filter out
<sourc eaddress> “source-address” is the source IPv4 address or network (CIDR)
<destination-address> “destination-address” is the destination IPv4 address or network (
<source-port> “source-port” is the source port number (0-65535)
<destinationport> “destination-port” is the destination port number
<protocol> (0-65535)“protocol” is the protocol type: either IP, TCP, UDP or HT
Example The following example add a traffic filter rule to the Traffic Collector.
JATP-collector02(collector)# set traffic-rule add CustomRule2 headqrts.example.com

10.2.00/16 20.0.0.2 90 120 tcp
where destination-address is 20.0.0.2, destination-port is 120, protocol is tcp, source-address

is 10.2.0.0/16 and source-port is 90 (in our example).
set protocols (collector mode)
Table 23: set protocols
Description Enables and disables the HTTP or SMB parser for a Traffic Collector.
See Also: show protocols command in “show (collector mode)” on page 45
Mode(s) collector

Table 23: set protocols (continued)
Syntax (collector)# set protocols {http [on|off] | smb [on|off]}
hostname (collector) set protocols smb on
set proxy (collector mode)
Table 24: set proxy
Description Sets an Inside or Outside data path proxy from collector mode.
Deploy Traffic Collectors in locations where the monitoring interface is (1) placed
“outside” between the proxy and the egress network for customer environments in
which the proxy supports XFF (X-Forwarded-For), or (2) [the more typical deployment
scenario], the Collector is placed between the proxy and the internal network using
FQDN (if available) to identify the threat source for all types of incidents (“inside”
proxy). When configured, the Juniper ATP Appliance Traffic Collector will monitor all
traffic and correctly identify source and destination hosts for each link in the kill chain
wherever the data allows for it.
Note that if the “X-Forwarded-For” header is provided in the HTTP request, detection
will identify threat targets when deployed outside of the proxy (customers can choose
to disable the XFF feature in the proxy setting, if desired).
See Also: “set (server mode)” on page 42[“set proxy” command for management
network]; “set (diagnosis mode)” on page 40;
NOTE: The mitigation IP address of a CNC server is not be available for Inside proxy
deployments. When a Juniper ATP Appliance is deployed behind a proxy, the
Mitigation-> Firewall page in the Juniper ATP Appliance Central Manager Web UI (which
typically displays the CNC server IP address to mitigate) will be empty. The destination
IP address of any callback is made to the proxy server ip address, so it is not relevant
to display the proxy server IP address on the Mitigation->Firewall page.
Mode(s) collector
Syntax set proxy inside {add <proxy IP address> <proxy port> | remove <proxy IP address>
<proxy port>
set proxy outside {add <proxy IP address> | remove <proxy IP address>

Table 24: set proxy (continued)
Parameters
inside Sets the inside proxy IP addresses
outside outside Sets the outside proxy IP addresses
add Adds a proxy configuration.
remove Removes a proxy configuration.
Example The following example sets an inside data path proxy:
JATP (collector)# set proxy inside add 10.1.1.1 8080
The following example sets an outside data path proxy:
JATP (collector)# set proxy outside add 10.2.1.1
set (diagnosis mode)
Table 25: set
Description Sets the logging levels for Juniper ATP Appliance components from diagnosis
mode.
See Also:“set (server mode)” on page 42; set (collector mode)
Mode(s) diagnosis
Syntax set logging
Parameters
all Sets logging for all Juniper ATP Appliance components.
default Sets logging to the default parameters
debug Sets logging at the debug level.
info Sets logging at the info level.
warning Sets logging at the warning level.
error Sets logging at the error level.
critical Sets logging at the critical level.
Example The following example sets the default logging level for all Juniper ATP Appliance
components.
JATP# set logging all

set appliance-type (server mode)
Table 26: set appliance-type
Description Change the appliance type at any time. For example, change from All-In-One to
Core/CM. Note that if you change the appliance type after the initial installation,
all data files related to the current type are lost and you must set up the appliance
as you would a fresh box.
Product(s) CLI All-in-One | Core CM | Collector
Mode(s) server
Syntax jatp:AIO#(server)# set appliance-type core-cm
Parameters
all-in-one
core-cm
email-collector
traffic-collector
Example The following example changes the form factor of the appliance from all-in-one
(the default) to core-cm:
jatp:AIO#(server)# set appliance-type core-cm

This will result in the deletion of all data and configurations not relevant to the
new form factor.
Proceed? (Yes/No)? Yes
set ip interface (server mode)
Table 27: set ip interface
Description Sets the management interface (eth0) and/or the alternate-exhaust interface
(eth2) for the Juniper ATP Appliance.
Refer to the Operator’s Guide for information about configuring the optional
alternate analysis engine eth2 interface option (it moves CnC traffic during analysis
engine processing off the enterprise’s eth0 management network).
See Also:“set (server mode)” on page 42;“set protocols (collector mode)” on

page 38;“show (core mode)” on page 46;“shutdown” on page 48
Mode(s) server
Syntax (server) # set ip interface management <dhcp | address | netmask | gateway>
(server) # set ip interface alternate-exhaust <address | netmask | gateway>

Table 27: set ip interface (continued)
Parameters
dhcp Enables DHCP for the management or alternate-exhaust interface.
address Sets the static IP address for the management (eth0) or lternate-exhau
netmask Sets the netmask for the management network or the alternate-exhaus
gateway Sets the Gateway IP address for the management interfac or the option
network.
Example The following example configures the management interface (eth0) for a Juniper
ATP Appliance Core device:
JATP (server)# set ip interface management address

10.2.123.18 netmask 255.255.255.0 gateway 10.2.0.1
The following example configures the management interface (eth0) using DHCP:
JATP (server)# set ip interface management dhcp
This example configures the alternate-exhaust interface (eth2) for a Juniper ATP
Appliance Core device:
JATP (server)# set ip interface alternate-exhaust address 10.2.123.12 netmask

255.255.255.0 gateway 10.2.0.2
set (server mode)
Table 28: set
Description Configure the system settings.
Mode(s) Server, See Also:“set (diagnosis mode)” on page 40;“set traffic-filter (collector
mode)” on page 38
Syntax set [autoupdate {on | off} | cli timeout secs | clock | cm address | support
{enable | disable} localmode {enable | disable}| passphrase string | dns |
firewall {all <backup | flush> | whitelist} | hostname string | ip interface
{management | alternate-exhaust}| ntpserver | password | proxy {config |
enabled | remove} | timezone string | uipassword]
Parameters Note: vCore for AWS does not use the following CLI commands:
(Columns below) set ip
set hostname
[Users cannot set static IP address or change the hostname directly on an EC2
AWS instance]
server mode “set proxy” command is a management network proxy tool; for data
path Collector proxy configurations, refer to
“set proxy (collector mode)” on page 39

Table 28: set (continued)
autoupdate {content | software} {on | Turn on or off automatic product updates. set autoupdate content on
off}
Sets CLI timeout period in seconds (0 indicates no timeout).
cli timeout secs
Sets the current date and time.
clock
cm address Sets the IP address of the Central Manager and netmask using the slash notation;
example: AAA.BBB.CCC.DD/X
set support {enable | disable} |
{localmode} Enables remote SSH login “support” account or localmode enable|/disable.
dns
Sets DNS (or enables DHCP for DNS) for the management interface by default
firewall {all <backup | flush> | whitelist if interface is unspecified.
<add | delete | flush>}
Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or
hostname string flushes the current iptables whitelist-specific settings for the firewall.
ip interface {management |
The “add” option adds an IP address to the iptables outbound whitelist.
alternateexhaust} <dhcp | address |
netmask | gateway}
# set firewall whitelist add 10.1.1.1
Sets the system’s host name.
Sets the IP address, netmask, or default gateway, or enables DHCP for the
management or alternate-exhaust interface.
ntpserver Sets the Network Time Protocol (NTP) server.

passphrase string
password Sets the device key password; enter a string.
Sets a new password for the CLI administrator.
proxy {config <all|http> | enabled Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific
<on|off> | remove <all|http>} proxy server.
TIP: Tip: Config the proxy for “all” protocols first, and then change HTTP proxy
as needed.
timezone string Sets the timezone for the device.
uipassword Sets a new admin password for CM Web UI access.
Example The following example disables the CLI timeout counter.
JATP (server)# set cli timeout 0
The following example enables support:
JATP (server)# set support enable

set system-alert (server mode)
Table 29: set system-alert
Description Configure the traffic threshold and checking interval for the Collector “monitored
traffic” health status.
When the monitored traffic of a collector within the checking interval time is lower
than the threshold, a system health alert is generated. You can send an email
notification of the alert if email notifications of system health events are configured.
Product(s) CLI All-in-One | Core CM
Mode(s) Server, See Also:“set (diagnosis mode)” on page 40;“set traffic-filter (collector
mode)” on page 38; show
Syntax set system-alert traffic <integer> time <interval>
NOTE: Note that both "traffic" and "time" parameters are required in order to set
the threshold for both the minimum traffic and time.
Parameters
traffic - the minimum traffic (in KB)
interval - the checking interval (in minutes)
Example JATP (server) # set system-alert traffic 100 time 30
This example sets the system alert such that, if the total monitored traffic of a
collector within the last 30 minutes dips lower than 100KB, then a system health
alert will be generated (and users will receive an email notification of the alert if
email notifications are configured for system health events).
By default this alert is disabled, and users must set the minimum traffic and interval
in order to enable it. Also note that all bytes seen on Ethernet frames are counted
in the traffic.
The minimum interval for the "set system-alert traffic" time interval command is
10 minutes. If the minimum interval is set to less than 10 minutes, no alerts will be
triggered.
setupcheck
Table 30: setupcheck
Description Checks and reports on basic configuration settings and analysis pipeline setup.
Mode(s) diagnosis
Syntax setupcheck {all | report | basic | analysis}

Table 30: setupcheck (continued)
Parameters
all Checks both basic settings and analysis pipelin
report Shows report of last setupcheck.
basic Checks basic configuration settings.
analysis Checks the analysis pipeline.
Example The following example checks all basic configuration settings as well as the analysis
pipeline:
JATP (diagnosis) # setupcheck all
show (collector mode)
Table 31: show (collector mode)
Description Displays the Traffic Collector HOMENET settings and all configured subnets, as well
as current traffic filters and the current XFF status (enabled or disabled)
Mode(s) Collector
Subcommands homenet | traffic-filter | proxy | honeypot
Syntax show

Table 31: show (collector mode) (continued)
Parameters
traffic-filter Shows all traffic filter rules.
protocols Shows current HTTP or SMB protocol parser settings
proxy {inside|outside} Shows Traffic Collector proxy for inside or outside configu
honeypot Shows the current honeypot configuration.
Example The following example displays the current Collector proxy inside settings:
collector02(collector)# show proxy inside

Proxy IPs: 10.1.1.1
The following example displays the current traffic filter:
collector02 (collector)# show traffic-filter

Name: CustomRule2, Domain: headqtrs.example.com
The following example displays the current SMB protocol parser setting:
collector02 (collector)# show protocols
The following example displays the current honeypot configuration:
collector02 (collector)# show honeypot ssh-honeypot
Table 32: show (collector mode)
Description Display the currently selected traffic monitoring interface.
Mode(s) Collector
Syntax collector02 (collector)#ow traffic-monitoring-ifc-type
Display the currently selected traffic monitoring interface
show (core mode)
Description Displays the guest image(s) status or whitelist statistics.
See Also:“shutdown” on page 48; show (diagnostic mode)
Product(s) CLI See Also: shutdown; show (diagnostic mode)
Mode(s) Core
Syntax show

Parameters
images Displays guest image update and status information.
whitelist Displays the name, hit count and the time of last hit of a user configured whit
Note that when a whitelist rule is deleted, it will be removed from the list. Upd
are not affected by the presence of the rule in the output, but hit count could
more than one rule can be hit by a single incident.
alternate-exhaustinterface Displays the status of the alternate exhaust interface eth2.
Example The following example demonstrates the show images command usage:
JATP(core)# show images
The following example demonstrates the show whitelist command usage:
JATP(core)# show whitelist
Rule Name Hit Count Local Time of Last Hit
URI1 10 Wed Sep 2 18:16:55 2015
URI2 10 Wed Sep 2 18:16:55 2015
URI3 10 Wed Sep 2 18:16:55 2015
greatfilesarey 49 Wed Sep 2 18:20:00 2015
The following example shows how to get the alternate-exhaust interface (eth2)
status:
JATP(core)# show alternate-exhaust interface
show (diagnosis mode)
Table 33: show (diagnosis mode)
Description Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also:“shutdown” on page 48;show (core mode)
Mode(s) diagnosis
Syntax show

Table 33: show (diagnosis mode) (continued)
Parameters
device {collectorstatus | | Display connected device statistics for Traffic Collector, CoreCM, or Mac
corestatus | slavecorestatus} Secondary “slave core.”
protocol {web | email} Displays the session counts for network web or email protocols.
objects Displays the current number of file objects.
logging Displays the currently-configured logging level.
See Also: “set traffic-filter (collector mode)” on page 38
log error traceback Displays only the tracebacks (if any) generated by Juniper ATP Applian
logs. A traceback is a stack of functions that were executing when an e
encountered.
log error last <integer: number Displays n [1-1000] lines of the contents of the common log file.
of lines to display>
Example: show log error last 12
Example The following example displays the connected Traffic Collector status.
JATP(diagnosis)# show device collectorstatus

<cr>
JATP (diagnosis)# show device collectorstatus WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
This example displays the log error traceback
JATP(diagnosis)# show log error traceback

<cr>
shutdown
Table 34: shutdown
Description Shuts down the Juniper ATP Appliance server.
Mode(s) Server

Table 34: shutdown (continued)
Syntax shutdown
Parameters None
Example The following example performs a shutdown of the current device.
JATP# shutdown
traceroute
Table 35: traceroute
Description Displays the route packets trace to a host name or an IP address.
Mode(s) Server | Collector
Syntax traceroute
Parameters
-h unsigned integer Specifies the number of hops
string Names the remote system to be traced.
Example The following example performs a traceroute of the named device.
JATP# traceroute -h 2 MacMininOSX-Engine
upgrade
Table 36: upgrade
Description Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all
connected physical or virtual devices.
Mode(s) cm
Syntax upgrade <URI as user@hostname:path>
Parameters
<String_URI> Specifies the software packages to copy .from a remo location for upgra
Example The following example copies Juniper ATP Appliance software to the Core from a
remote location defined by the path provided.
CoreCM(cm)# upgrade admin@remoteHost.edu:some/remote/ directory

updateimage
Table 37: updateimage
Description Update or correct the guest-image OS profile used by the detection and analysis
behavioral engine.
The updateimage command will update the guest images from the Juniper ATP
Appliance update servers or a USB drive attached to the Juniper ATP Appliance.
Product(s) CLI All-in-One | Core-CM | Mac Mini OS X Detection Engine
Mode(s) Core
Syntax updateimage
Parameters
built-in Updates the guest-image on the detection Engine
Example The following example performs a built-in profile update for the Core detection
engine.
JATP (core)# updateimage built-in

Installing image SC-XP-20150617.img...
Previous version of SC-XP-20150617.img exists.
Checking integrity...
Image SC-XP-20150617.img is already installed
Installing image SC-W7-20150521.img...
Previous version of SC-W7-20150521.img exists.
Image SC-W7-20150521.img is already installed
wizard
Table 38: wizard
Description Enters the Configuration Wizard. For Configuration Wizard commands and response,
see “Configuration Wizard for the All-in-One Server” in the next section to follow
command prompts and recommended responses.
Product(s) CLI All-in-One | Core/CM | Collector | Mac Mini Mac OS X
Mode(s) Basic
Syntax wizard
Parameters None
Example The following command starts the configuration wizard.
hostname # wizard

Configuration Wizard for the All-in-One Server

Table 39: Configuration Wizard for All-in-One Server
Configuration Wizard Prompts Customer Response Actions
Use DHCP to obtain the IP address and DNS server address for We strongly discourage the use of DHCP addressing because
the administrative interface (Yes/No)? it changes dynamically. A static IP address is preferred.
Note: Only if your DHCP response is no ,enter the following Recommended: Respond with no:
information when prompted:
a. Enter an IP address
a. IP address (no CIDR format) b. Enter a netmask using the form 255.255.255.0.
b. Netmask c. Enter a gateway IP address.
c. Enter a gateway IP address for this management d. Enter the DNS server IP address
(administrative) interface:
e. If yes enter the IP address of the secondary DNS server.
d. Enter primary DNS server IP address.
f. Enter yes if you want DNS lookups to use a specific domain.
e. Do you have a secondary DNS Server (Yes/No).
g. Enter search domain(s) separated by spaces; for example:
f. Do you want to enter the search domains? example.com lan.com dom2.com
g. Enter the search domain (separate multiple search domains
by space): Enter yes to restart with the new configuration settings
applied.
Restart the administrative interface (Yes/No)?
Enter a valid hostname. Type a hostname when prompted; do not include the domain;
for example: JuniperATP1.
NOTE: Only alphanumeric characters and hyphens (in the

middle of the hostname) are allowed.
[OPTIONAL] Refer to “Configuring an Alternate Analysis Engine Interface”

in the Juniper ATP Appliance Operator’s Guide for more
If the system detects a Secondary Core with an eth2 port, then information.
the alternate CnC exhaust option is displayed:
Enter yes to configure an alternate eth2 interface.
Use alternate-exhaust for the analysis engine exhaust traffic
(Yes/No)? Enter the IP address for the eth2 interface.
Enter IP address for the alternate-exhaust (eth2) interface: Enter the eth2 netmask.
Enter netmask for the alternate-exhaust (eth2) interface: Enter the gateway IP address.
(example: 255.255.0.0)
Enter the primary DNS server IP Address for the
Enter gateway IP Address for the alternateexhaust (eth2) alternate-exhaust (eth2) interface.
Enter yes or no to confirm or deny an eth2 secondary DNS
Enter primary DNS server IP Address for the alternate-exhaust server.
(eth2) interface: (example: 8.8.8.8)
Enter yes or no to indicate whether you want to enter search
Do you have a secondary DNS server for the alternate-exhaust domain.
(eth2) interface?
Do you want to enter the search domains for the

alternate-exhaust (eth2) interface?
NOTE: A complete network interface restart can take more

than 60 seconds

Table 39: Configuration Wizard for All-in-One Server (continued)
Regenerate the SSL self-signed certificate (Yes/No)? Enter yes to create a new SSL certificate for the Juniper ATP
Appliance Server Web UI.
See Also • Core/CM Server CLI Commands on page 52
Core/CM Server CLI Commands
This chapter describes the commands for available for Juniper ATP Appliance Core/CM
or vCore servers. These commands are used to configure devices and software, manage
security events, and show system information and status.
You must enclose non-alphabet characters in double quotes in CLI commands.

• CM Commands on page 53
• CoreCM CLI Commands on page 54
• Configuration Wizard for the CoreCM Server on page 74
Basic Mode Commands

• cm on page 29
• core on page 30
• exit on page 31
• help on page 33
Refer to the respective sections in this guide to review Diagnosis Mode, CM Mode, Collector
Mode and Server Mode commands per product device.

CM Commands
• exit on page 31
• help on page 33
Core Mode Commands

• exit on page 31
• help on page 33
• set (core mode) on page 62

• exit on page 31
• help on page 33
• ping on page 34
• show (server mode) on page 68

• copy on page 30

• exit on page 31
• help on page 33
CoreCM CLI Commands

• cm on page 55
• core on page 56
• copy on page 56
• exit on page 57
• help on page 58
• ping on page 60
• set (core mode) on page 62

capture-start
Description Starts packet capture as a means for diagnosing and debugging network traffic and obtaining
stats.
See Also:“diagnosis” on page 31[mode];“copy” on page 30
Mode(s) Diagnosis
Parameters <IP address> <interface_name>
Sub-Commands None
Example The following example starts a packet capture process on interface eth1 for a Traffic Collector
with IP address 8.8.8.8:
hostname (diagnosis)# capture-start 8.8.8.8 eth1
NOTE: Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the
capture filters on.
cm
Table 41: cm
Description Enters cm (Central Manager) mode.
Product(s) CLI All-in-One | Core
Mode(s) Basic
Syntax cm
Parameters None
Sub-Commands exit | help | history | upgrade
Example The following command example enters cm configuration mode:
hostname # cm
hostname (cm)#

core
Table 42: core
Mode(s) Basic
Syntax core
Parameters None
Example The following command example enters core configuration

mode:
hostname # core
hostname (core)#
copy
Table 43: copy
Description Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote
location, providing the same authentication and level of security as an SSH transfer.
The copy traceback command, upon Customer Support's request, copies the traceback files out
of the box to a remote location.
See Also:“diagnosis” on page 31[mode];“capture-start” on page 55
Mode(s) Diagnosis
Syntax copy capture <scp source_file_name username@destination_host:destination_folder> | traceback

{<tab> | ALL} <string URI as user@hostname:path
copy traceback <ALL | filename>
Sub-Commands None

Table 43: copy (continued)
Example The following example copies the file "Eth1.txt" from the local host to a remote host:
hostname (diagnosis)# copy capture scp captureEth1.txt
diagnosis
Table 44: diagnosis
Mode(s) Basic
Syntax diagnosis
Parameters None
Sub-Commands “capture-start” on page 55; “copy” on page 30; “exit” on page 31; “gssreport” on
page 32;“help” on page 33;“history” on page 33;“set (server mode)” on
page 42;“setupcheck” on page 44;“show (diagnosis mode)” on page 47;“show (server
mode)” on page 68
exit
Table 45: exit
Syntax exit
Parameters None

JATP#

gssreport
Table 46: gssreport
Description Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to
display the status of the current GSS report.
See Also:“gssreport” on page 32;“diagnosis” on page 31[mode]
Mode(s) diagnosis
Sub-Commands None

help
Table 47: help
Syntax help
Parameters None

Table 47: help (continued)

AUTO-COMPLETION
[enter] - Auto-completes, syntax-checks then executes a command. If there is
a syntax error then offending part of the command line will be highlighted and
explained.
interface
<cr>
history
Table 48: history
Syntax history
Parameters None
Example The following examples returns command line history for the current CLI
session.
ifrestart
Table 49: ifrestart

Table 49: ifrestart (continued)
Mode(s) Server
Parameters eth0 Restarts the management network administra interface.
ping
Table 50: ping
Description Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the
destination is reachable over the network.
Product(s) All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine

CLI
Mode(s) Server
Parameters
-ccount Number of echo requests to send. By default, pings ar continuously until you press Ctrl+C.
string IP address, hostname or interface name used to ping device address
Example The following example sends three echo requests to the device with the IP Address 10.10.10.1


reboot
Table 51: reboot

Table 51: reboot (continued)
Mode(s) Server
Syntax reboot
Parameters None
hostname# reboot
restart
Table 52: restart
Mode(s) Server

Parameters
behaviorengine Restarts the Behavioral Analysis Engine
cm Restarts the Central Manager Web UI service.
collector Restarts the Collector service.
core Restarts the Core Detection Engine.
correlationengine Restarts the Correlation Engine.
staticengine Restarts the Static Analysis Engine.
webserver Restarts the web server.
JATP# restart cm

set (core mode)
Table 53: set
Description Resets the Secondary Core UUID, if the virtual core is cloned.
Product(s) CLI Core/CM (Virtual Core)
Mode(s) Core (for Virtual Core configurations)
Syntax set id
Sub-Commands None
Example The following example sets the Virtual Core appliance id:
hostname # core
hostname (core) # set id
<cr>
server
Table 54: server
Mode(s) Basic
Syntax server
Sub-Commands “exit” on page 31;“help” on page 33;“history” on page 33;“ifrestart” on page 34;“ping” on
page 34;“reboot” on page 35;[Unresolved xref];“set (server mode)” on page 42;“show (server
mode)” on page 68;“traceroute” on page 49;“upgrade” on page 49
Whitelist rules rely on normal service shutdown to be backed up.Powering off a VM directly will
lose the whitelist state as rules cannot be saved in that case.
hostname # server
set system-alert (server mode)
Table 55: set system-alert
Description Configure the traffic threshold and checking interval for the Collector “monitored traffic” health status.
When the monitored traffic of a collector within the checking interval time is lower than the threshold, a
system health alert is generated. You can send an email notification of the alert if email notifications of
system health events are configured.

Table 55: set system-alert (continued)
Mode(s) Server, See Also:“set (diagnosis mode)” on page 40; set (collector mode); show
Syntax set system-alert traffic <integer> time <interval>
NOTE: Note that both "traffic" and "time" parameters are required in order to set the threshold for both
the minimum traffic and time.
Parameters traffic - the minimum traffic (in KB)
interval - the checking interval (in minutes)
Example JATP (server) # set system-alert traffic 100 time 30
This example sets the system alert such that, if the total monitored traffic of a collector within the last
30 minutes dips lower than 100KB, then a system health alert will be generated (and users will receive
an email notification of the alert if email notifications are configured for system health events).
By default this alert is disabled, and users must set the minimum traffic and interval in order to enable
it. Also note that all bytes seen on Ethernet frames are counted in the traffic.
The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the
minimum interval is set to less than 10 minutes, no alerts will be triggered.
set (server mode)
Table 56: set
Mode(s) Server, See Also: “set (diagnosis mode)” on page 40; “set (core mode)” on
page 62; “show (core mode)” on page 46
{enable | disable} localmode {enable | disable}| passphrase string | dns
| firewall {all <backup | flush> | whitelist} | hostname string | ip interface
{management | alternate-exhaust}| ntpserver | password | proxy {config
| enabled | remove} | timezone string | uipassword]
Parameters
NOTE: vCore for AWS does not use the

following CLI commands:
set ip
set hostname
[Users cannot set static IP address or change

the hostname directly on an EC2 AWS
instance]
(See columns below)

autoupdate {content | software} {on | off} Turn on or off automatic product updates.
cli secs set autoupdate content on

clock Sets CLI period in seconds (0 indicates no timeout).
cm address Sets the current date and time.

set support {enable | disable} |
Sets the IP address of the Central Manager and netmask using slash notation;
{localmode}
ex: AAA.BBB.CCC.DD/X
dns
Enables remote SSH login “support” account or localmode enable|/disable.
firewall {all <backup | flush> | whitelist
<add | delete | flush>} Sets DNS (or enables DHCP for DNS) for the management interface by default
if interface is unspecified.
hostname string
Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes
or flushes the current iptables whitelist-specific settings for the firewall.
alternateexhaust} <dhcp | address |
netmask | gateway}
passphrase string Sets the device key password; enter a string.

password
Sets a new password for the CLI administrator.
proxy {config <all|http> | enable <on|off> Config, enable/disable, or remove “all” proxy configs, or remove an
| remove <all|http>} HTTP-specific proxy server.
TIP: Config the proxy for “all” protocols first, and then change HTTP proxy as
needed.
timezone string Sets the timezone for the device.
Examples The following example enables a proxy server.
JATP (server)# set proxy enable on

Table 57: set appliance-type (continued)
Mode(s) server
Parameters
all-in-one
core-cm
email-collector
traffic-collector

new form factor.
Table 58: set
See Also:“set (server mode)” on page 42
Mode(s) diagnosis
Syntax set logging all

Parameters
components.
setupcheck
Mode(s) diagnosis
Parameters all Checks both basic settings and analysis pipelin
Example The following example checks all basic configuration settings as well as the analysis pipeline:
show (core mode)
Table 60: show
Description Displays the guest image(s) status or whitelist statistics.
See Also:“show (server mode)” on page 68; show (diagnostic mode)

Table 60: show (continued)
Product(s) See Also: shutdown; show (diagnostic mode)

CLI
Mode(s) Core
Syntax show
Parameters
images Displays guest image update and status information.
whitelist Displays the name, hit count and the time of last hit of a user configured whitelist.
Note that when a whitelist rule is deleted, it will be removed from the list. Updates to existing
rule are not affected by the presence of the rule in the output, but hit count could increment.
Further, more than one rule can be hit by a single incident.
alternate-exhaustinterface Displays the status of the alternate exhaust interface eth2.
The following example demonstrates the show whitelist command usage:
Rule Name Hit Count Local Time of Last Hit
URI1 10 Wed Sep 2 18:16:55 2015
URI2 10 Wed Sep 2 18:16:55 2015
URI3 10 Wed Sep 2 18:16:55 2015
greatfilesarey 49 Wed Sep 2 18:20:00 2015
The following example shows how to get the alternate-exhaust interface (eth2) status:
See Also:“show (server mode)” on page 68

CLI
Mode(s) diagnosis

Syntax show
Parameters
device {collectorstatus | | corestatus | Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini
slavecorestatus} Detection Engine Secondary “slave core.”
protocol {web | email} Displays the session counts for network web or email protocols.
See Also: set traffic-filter (collector mode) logging
log error traceback Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process
error logs. A traceback is a stack of functions that were executing when an error
condition was encountered.
log error last <integer: number of lines to Displays n [1-1000] lines of the contents of the common log file.
display>
Example: show log error last 12

<cr>
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
This example displays the log error traceback
JATP(diagnosis)# show log error traceback

<cr>
show (server mode)
Table 61: show
Description Display configurations and status information.
Product(s)CLI All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s) Server, See Also: “show (diagnosis mode)” on page 47

Syntax show
Parameters
(See Tables below)
autoupdate Show the automatic update setting.
cli timeout Show the CLI timeout setting.
clock Show the current date and time.
cm Show the Central Manager IP address.
controller Show the driver state for interfaces.
support Show the remote SSH login support status.
description Show the server or system description.
devicekey Show the device key.
devicetype Show the device type.
dns Show the DNS servers settings.
eula Show the End User License Agreement.
firewall [all <| whitelist] Show the firewall configuration settings.
hostname Show the system’s host name.
interface [management | Show information about the management (administrative) network interface eth0, or
monitoring | alternateexhaust] the monitoring interface (eth1), or the alternate-exhaust interface (eth2).
See Also: Show the IP address of the management (administrative) interface eth0.
show controller
ip Results may show both private and public IP addresses if the AWS vCore has a public
IP.
name Show the server name.
ntpserver Show the Network Time Protocol (NTP) server settings.
proxy Shows the proxy configuration for the management network.
Show system statistics:

See also show (collector mode) for cpuload shows average CPU load in the system for running processes in the last 1, 5
show proxy inside/outside data path and 15 min intervals.
stats [cpuload | disk | memory] disk shows the disk space usage in the system.
memoryshows the system memory usage.
show stats cpuload (0.06,0.13,0.13)
system-alert Shows the current set system-alert settings.
timezone {US/Eastern | Show the current timezone; example:

US/Central | US/ Mountain
set timezone US/Pacific
TIP:
set timezone <tab> shows options.
uptime Show how long the system has been running.
uuid Show the system UUID (universally unique ID).
version Show Juniper ATP Appliance software and content security
versions:

Example The following example displays information about the CoreCM server device type:
CoreCM(server)# show devicetype

Device type: cm, core
The following example requests data about the alternate-exhaust interface (eth2):
CoreCM(server)# show interface alternate-exhaust
The following example shows details about the Collector’s monitoring interface (eth1):
CoreCM(server)# show interface monitoring

Interface: monitoring (eth1) Enabled: Yes Link: Yes
IP Address: unknown Mask: unknown MTU: 1500
MAC Address: 90:d6:1f:22:70:g6 Speed: 1000Mb/s Duplex:
Full
Auto-negotiation: Yes Medium: Copper
RX packets: 1869032424 Bytes: 1716560257902 Errors: 0
Overruns: 0
TX packets: 409287 Bytes: 44607401 Errors: 0 Overruns: 0
Traffic rate for the last 5 seconds/1 minute/5 minutes
RX bits/sec: 108616/160176/442736
RX packets/sec: 44/46/91
TX bits/sec: 0/112/128
TX packets/sec: 0/0/0
shutdown
Table 62: shutdown
Mode(s) Server
Syntax shutdown
Parameters None

Table 62: shutdown (continued)
JATP# shutdown
traceroute

CLI
Mode(s) Server
Syntax traceroute
Parameters
JATP# traceroute -h 2 MacMininOSX-Engine
upgrade
Table 64: upgrade
Description Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices.
Product(s) All-in-One | Core CM

CLI
Mode(s) cm
Syntax upgrade <URI as user@hostname:path>
Parameters
<String_URI> Specifies the software packages to copy .from a remo location for upgrading via the Core.
Example The following example copies Juniper ATP Appliance software to the Core from a remote location defined by the path provided.
CoreCM(cm)# upgrade admin@remoteHost.edu:some/remote/ directory

updateimage
Description Update or correct the guest-image OS profile used by the detection and analysis behavioral engine.
The updateimage command will update the guest images from a USB drive attached to the Juniper ATP Appliance.
Product(s) All-in-One | Core-CM | Mac Mini OS X Detection Engine

CLI
Mode(s) Core
Syntax updateimage
Parameters
built-in Updates the guest-image on the detection Engine.
Example The following example performs a built-in profile update for the Core detection engine.
JATP (core)# updateimage built-in

Previous version of SC-XP-20140617.img exists.
Previous version of SC-W7-20140521.img exists.
wizard
Table 66: wizard
Description Enters the Configuration Wizard. For Configuration Wizard commands and response, see
“Configuration Wizard for the CoreCM Server” in the next section to follow command
prompts and recommended responses.
Mode(s) Basic
Parameters wizard
Example None
The following command starts the configuration wizard.
hostname # wizard

Configuration Wizard for the CoreCM Server
without completing the configuration, you will be prompted again whether
to run the Configuration Wizard.
You may also rerun the Configuration Wizard at any time with the CLI command wizard.
Configuration Wizard Prompts Customer Response Actions
Use DHCP to obtain the IP address and DNS server address We strongly discourage the use of DHCP addressing because it
for the administrative interface (Yes/No)? changes dynamically. A static IP address is preferred.
NOTE: Only if your DHCP response is no,enter the following Recommended: Respond with no:
e. If yes, enter the IP address of the secondary DNS server.
e. Do you have a secondary DNS Server (Yes/No).
g. Enter the search domain (separate multiple search
domains by space): Enter yes to restart with the new configuration settings applied.
Restart the administrative interface (Yes/No)
for example: juniperatp1


[OPTIONAL] Refer to “Configuring an Alternate Analysis Engine Interface” in

the Juniper ATP Appliance Operator’s Guide for more
If the system detects a Secondary Core with an eth3 port, information.
then the alternate CnC exhaust option is displayed:
(example: 255.255.0.0)
Enter gateway IP Address for the alternateexhaust (eth2) alternate-exhaust (eth2) interface.
Enter yes or no to confirm or deny an eth2 secondary DNS server.
Enter primary DNS server IP Address for the alternate-exhaust
(eth2) interface: (example: 8.8.8.8) Enter yes or no to indicate whether you want to enter search
domain.
Do you have a secondary DNS server for the alternate-exhaust
(eth2) interface?


than 60 seconds
Regenerate the SSL self-signed certificate (Yes/No)? Enter yes to create a new SSL certificate for the Juniper ATP
If you decline the self-signed certificate by entering no, be

prepared to install a certificate authority (CA) certificate.
Enter the following server attributes: Is this a Central Manager device?:
Central Manager (CM) IP Address: Enter Yes; the system will auto-set IP 127.0.0.1 as the All-in-One
IP address.
Device Name: (must be unique)
Enter a connected Juniper ATP Appliance Collector Device
Device Name: (must be unique) Name; this identifies the Collector in the Web UI.
Device Key PassPhrase Enter a device Description
NOTE: Remember this passphrase and use it for all Enter a user-defined PassPhrase to be used to authenticate the
distributed devices. Core to the Central Manager.
Mac OS X Engine CLI Commands
This chapter describes the CLI commands available for the Mac Mini Mac OS X “Secondary
Core” detection engine device. There is no Collector Mode on this device.

NOTE: You must enclose non-alphabet characters in double quotes in CLI

commands.

• Mac OS X Detection Engine CLI Commands on page 77
• Configuration Wizard Command Prompt Responses on page 93
Basic Mode Commands

• core on page 30
• exit on page 31
• help on page 33
• histroy on page 82
Refer to the respective chapters in this guide to review Collector Mode, Diagnosis Mode
and Server Mode commands per device-- All-in-One, Mac OS X Engine, Traffic Collector
and CoreCM.
Core Mode Commands

• exit on page 31
• help on page 33

• exit on page 31
• help on page 33

• ping on page 34

• copy on page 30
• exit on page 31
• help on page 33
Mac OS X Detection Engine CLI Commands

• copy on page 78
• core on page 79
• exit on page 80
• help on page 81
• ping on page 83

capture-start
Description Starts packet capture as a means for diagnosing and debugging network traffic and obtaining
stats.
See Also: “diagnosis” on page 31[mode];“copy” on page 30
Mode(s) Diagnosis
Sub-Commands None
Example The following example starts a packet capture process on interface eth1 for a Traffic Collector
with IP address 8.8.8.8:
NOTE: Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the
capture filters on.
copy
Table 68: copy
Description Uses Secure Copy (SCP) to scp to copy and transfer packet capture or
traceback (crash) data to a remote location, providing the same authentication
and level of security as an SSH transfer.
See Also: “diagnosis” on page 31 [mode]; “capture-start” on page 55

Mode(s) Diagnosis
Syntax copy capture <scp source_file_name

username@destination_host:destination_folder> | traceback all <string
URI as user@hostname:path>

copy traceback all <path string>
Sub-Commands None
Example The following example copies the file "captureEth1.txt" from the local host to
a remote host:
core
Table 69: core
Mode(s) Basic
Syntax core
Parameters None
Example The following command example enters core configuration

mode:
hostname # core
hostname (core)#
diagnosis
Table 70: diagnosis

Table 70: diagnosis (continued)
Mode(s) Basic
Syntax diagnosis
Parameters None
Sub-Commands “capture-start” on page 55;“copy” on page 30;“exit” on page 31; “gssreport” on page 32;
“help” on page 33; “histroy” on page 82; “set (server mode)” on page 42;“setupcheck” on
page 44; “show (diagnosis mode)” on page 47; “shutdown” on page 48
exit
Table 71: exit
Mode(s) Basic | Server | Diagnosis
Syntax exit
Parameters None

JATP#
gssreport
Table 72: gssreport
Description Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to
display the status of the current GSS report.
See Also:“gssreport” on page 32;“diagnosis” on page 31[mode]
Mode(s) diagnosis

Table 72: gssreport (continued)
Sub-Commands None

help
Table 73: help
Syntax help
Parameters None


AUTO-COMPLETION
[enter] - Auto-completes, syntax-checks then executes a command. If there is
a syntax error then offending part of the command line will be highlighted and
explained.
interface
<cr>
histroy
Table 74: history
Syntax history
Parameters None
Example The following examples returns command line history for the current CLI
session.
ifrestart
Table 75: ifrestart

Table 75: ifrestart (continued)
Mode(s) Server
Parameters eth0 Restarts the management network administra

interface.
Example The following example restarts the eth0 interface for the management
network.
ping
Table 76: ping
Description Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the
destination is reachable over the network.

CLI
Mode(s) Server
Parameters
-ccount Number of echo requests to send. By default, pings ar continuously until you press Ctrl+C.
Example The following example sends three echo requests to the device with the IP Address 10.10.10.1


reboot
Table 77: reboot

Table 77: reboot (continued)
Mode(s) Server
Syntax reboot
Parameters None
hostname# reboot
restart
Table 78: restart
Mode(s) Server

Parameters
JATP# restart cm
server
Table 79: server
Mode(s) Basic
Syntax server

Table 79: server (continued)
Sub-Commands “exit” on page 31; “help” on page 33; “histroy” on page 82; “ifrestart” on page 34; “ping” on
page 34; “reboot” on page 35; [Unresolved xref]; “set (server mode)” on page 42; “show
(server mode)” on page 68; “traceroute” on page 49; “updateimage” on page 50
Whitelist rules rely on normal service shutdown to be backed up.Powering off a VM directly will
lose the whitelist state as rules cannot be saved in that case.
hostname # server
set (server mode)
Table 80: set
Mode(s) Server, See Also: “set (diagnosis mode)” on page 40
{enable | disable} localmode {enable | disable}| passphrase string | dns
| firewall {all <backup | flush> | whitelist} | hostname string | ip interface
{management | alternate-exhaust}| ntpserver | password | proxy {config
| enabled | remove} | timezone string | uipassword]
Parameters
(See table below)

autoupdate {content | software} {on | off} Turn on or off automatic product updates.
cli timeout secs set autoupdate content on

clock Set CLI timeout period in seconds (0 = no timeout).
cm address Sets the current date and time.

set support {enable | disable} | {localmode}
Sets the IP address of the Central Manager and netmask using slash notation;
passphrase string ex: AAA.BBB.CCC.DD/X
dns Enables remote SSH login “support” account or localmode enable|/disable.
firewall {all <backup | flush> | whitelist Sets the device key password; enter a string.
<add | delete | flush>}
Sets DNS (or enables DHCP for DNS) for the management interface by default
NOTE: Whitelist rules rely on normal service
if interface is unspecified.
shutdown for backup.Powering off a VM
directly loses the whitelist state as rules
Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes
cannot be saved in that case.
or flushes the current iptables whitelist-specific settings for the firewall.
hostname string
alternateexhaust} <dhcp | address | # set firewall whitelist add 10.1.1.1
netmask | gateway}
password Sets a new password for the CLI administrator.
proxy {config <all|http> | enable <on|off> Config, enable/disable, or remove “all” proxy configs, or remove an
| remove <all|http>} HTTP-specific proxy server.
needed.
timezone {US/ Eastern | US/ Central | US/ Show the current timezone; example:
Mountain
TIP: set timezone <tab> shows options.
Examples The following example sets an ip address for the device management interface
eth0.
JATP# set ip interface 10.1.1.1

Table 81: set
See Also:“set (server mode)” on page 42
Mode(s) diagnosis
Syntax set logging
Parameters
components.
setupcheck
Mode(s) diagnosis

Parameters
all Checks both basic settings and analysis pipelin.
Example The following example checks all basic configuration settings as well as the analysis
pipeline:
show (core mode)
Table 83: show
Description Displays the guest image(s) status.
See Also: “show (server mode)” on page 68; show (diagnostic mode)
Mode(s) Core
Syntax show
Parameters
images Displays guest image update a
whitelist Displays the name, hit count a

configured whitelist.
Note that when a whitelist rule

the list. Updates to existing rul
of the rule in the output, but hi
more than one rule can be hit b
alternate-exhaustinterface Displays the status of the alter
The following example shows how to get the alternate-exhaust interface

(eth2) status:

mode.
See Also:“show (server mode)” on page 68
Mode(s) diagnosis
Syntax show
Parameters
device {collectorstatus | | corestatus | Display connected device statistics for Traffic
slavecorestatus} Mini Detection Engine Secondary “slave core.”
NOTE: Not available from the Mac Mini CLI.
protocol {web | email} Displays the session counts for network web o
logging Displays the currently-configured logging leve
See Also: set (diagnosis mode) logging
log error traceback Displays only the tracebacks (if any) generate
OS process error logs. A traceback is a stack
of functions that were executing when an error
log error last <integer: number of lines to display> Displays n [1-1000] lines of the contents of th
osx-1(server)# show devicetype

Device type: slave_core.
show (server mode)
Table 84: show
Mode(s) Server, See Also: “show (diagnosis mode)” on page 47
Syntax show

Parameters
(See the columns below)
cli Show the CLI setting.
support Show support status.
interface [management | monitoring | (administrative) network interface eth0, or the monitoring interface (eth1), or the
alternateexhaust] alternate-exhaust interface (eth2).
See Also: show controller
ip Show the IP address of the management (administrative) interface eth0.
proxy Show current proxy configuration.
stats [cpuload | disk | memory] Show system statistics:
• cpuload shows the average CPU load in the system for running processes in the
last 1, 5 and 15 minute intervals.
• disk shows the disk space usage in the system.
• memory shows the system memory usage.
timezone Show the current timezone.

upgrade Show the last manual upgrade-related information.
uptime Show how long the system has been running.
version Show Juniper ATP Appliance software and content security versions.
Example The following example displays information about the MacOSX cpuload statistics:
MacOSX (server)# # show stats cpuload

(0.06, 0.13, 0.13)
The following example requests details for the Collector’s monitoring interface (eth1):
MacOSX(server)# show interface monitoring
shutdown
Table 85: shutdown
Mode(s) Server
Syntax shutdown
Parameters None
JATP# shutdown
traceroute

CLI
Mode(s) Server
Syntax traceroute

Table 86: traceroute (continued)
Parameters
MacOSX1# traceroute -h 2 MacMininOSX2-Engine
updateimage
Description Update or correct the guest-image OS profile used by the detection and
analysis behavioral engine.
The updateimage command will update the guest images from a USB drive
attached to the Juniper ATP Appliance.
Product(s) CLI Mac Mini OS X Detection Engine
Mode(s) Core
Syntax updateimage
Parameters
built-in Updates the guest-image on the Mac OSX Detection “Seconda
Example The following example performs a built-in profile update for the Core
detection engine.
MAC2(core)# updateimage built-in

Installing image SC-OSX-20131003.img...
Previous version of SC-OSX-20131003.img exists. Checking
integrity...
Latest Image SC-OSX-20131003.img is already installed
Previous version of SC-XP-20140617.img exists. Checking
integrity...
Previous version of SC-W7-20140521.img exists. Checking
integrity...

upgrade
Table 88: upgrade
Description Upgrade a configured Juniper ATP Appliance Mac OSX Mac Mini device. If the Mac Mini has already been upgraded to Ubuntu
14.04, this upgrade command will not be visible at the CLI because it will not be needed.
Please note that this command will only show up for existing customers that have Mac Mini devices configured as Juniper ATP
Appliance Mac OSX detection engine Secondary Cores (running Ubuntu 13.10). For new customers running Juniper ATP Appliance
Release 3.2.5, each Mac Mini device is shipped with the new Ubuntu 14.04 version already installed, so in this case, the upgrade
command will again not be available from the Juniper ATP Appliance Mac OSX Engine CLI.
Product(s) Mac Mini OS X Detection Engine

CLI
Mode(s) Core
Syntax upgrade
Parameters
built-in Updates the guest-image on the Mac OSX Detection “secondary core.”.
Example The following example performs a built-in Mac OS X profile update for the Mac Mini-based Secondary core detection engine..
MAC2(core)# upgrade
wizard
Table 89: wizard
Description Enters the Configuration Wizard. For Configuration Wizard commands and response, see
“Configuration Wizard for the CoreCM Server” in the next section to follow command
prompts and recommended responses.
Mode(s) Basic
Parameters wizard
Example None
The following command starts the configuration wizard.
hostname # wizard
Configuration Wizard Command Prompt Responses
Configuration Wizard Prompts Customer Response from the Mac Mini

Use DHCP to obtain the IP address and DNS server address We strongly discourage the use of DHCP addressing because it
for the administrative interface (Yes/No)? changes dynamically. A static IP address is preferred.
NOTE: Only if your DHCP response is no,enter the following Recommended: Respond with no:
e. Do you have a secondary DNS Server (Yes/ No).
g. Enter the search domain (separate multiple search
domains by space): Enter yes to restart with the new configuration settings applied.
Restart the administrative interface (Yes/No)?
for example: juniperatp1

[OPTIONAL] Refer to “Configuring an Alternate Analysis Engine Interface” in

the Juniper ATP Appliance Operator’s Guide for more
If the system detects a Secondary Core with an eth2 port, information.
then the alternate CnC exhaust option is displayed:
(example: 255.255.0.0)
Enter gateway IP Address for the alternate-exhaust (eth2) alternate-exhaust (eth2) interface.
Enter yes or no to confirm or deny an eth2 secondary DNS server.
Enter primary DNS server IP Address for the alternate-exhaust
(eth2) interface: (example: 8.8.8.8) Enter yes or no to indicate whether you want to enter search
domain.
Do you have a secondary DNS server for the alternate-exhaust
(eth2) interface?


than 60 seconds
Regenerate the SSL self-signed certificate (Yes/ No)? Enter yes to create a new SSL certificate for the Juniper ATP
If you decline the self-signed certificate by entering no, be

prepared to install a certificate authority (CA) certificate.

Enter the following server attributes: Required:Enter the IP address of the Juniper ATP Appliance
Server Core/CM or All-in-One.
Central Manager (CM) IP Address:
Enter a Juniper ATP Appliance Mac Mini or Core/CM Device
Device Name: (must be unique) Name; this identifies the Mac OS X or Core Engine in the Web
UI.
Device Description
Enter a device Description
Device Key PassPhrase
Enter the same PassPhrase used to authenticate the Core or
NOTE: Remember this passphrase and use it for all Mac Mini to the Central Manager.
distributed devices!
Traffic Collector CLI Commands
This chapter describes the commands specific to the Juniper ATP Appliance Collector
CLI. The available commands are as follows:

• Collector Mode Commands on page 95
• Configuration Wizard Command Prompt Progressions on page 116
Basic Mode Commands

• exit on page 31
• help on page 33
Collector Mode Commands

• exit on page 31
• help on page 33


• copy on page 30
• exit on page 31
• help on page 33

• exit on page 31
• help on page 33
• ping on page 34

Traffic Collector CLI Commands

• copy on page 98
• exit on page 99
• help on page 100
• ping on page 102
• set traffic-monitoring (for JATP700 and JATP400 Appliances) (collector
mode) on page 110
capture-start
Description Starts packet capture as a means for diagnosing and debugging network traffic
and obtaining stats.
See Also: “diagnosis” on page 31 [mode]; “collector” on page 29 [mode]; “copy”

on page 30
Mode(s) Diagnosis

Table 90: capture-start (continued)
Sub-Commands None
Example The following example starts a packet capture process on interface eth1 for a
Traffic Collector with IP address 8.8.8.8:
NOTE: Note: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a
host that the capture filters on.
collector
Table 91: collector
Description Enters the Collector configuration mode.
See Also: “server” on page 36 [mode]
Mode(s) Basic
Syntax collector
Parameters None
Sub-Commands “exit” on page 31;“help” on page 33; “history” on page 33; “set proxy (collector
mode)” on page 39; “show (collector mode)” on page 45
Example The following example enters collector configuration mode:
hostname # collector
hostname (collector)# ?
copy
Table 92: copy
Description Uses Secure Copy (SCP) to scp to copy and transfer packet capture or traceback
(crash) data to a remote location, providing the same authentication and level
of security as an SSH transfer.
The copy traceback command, upon Customer Support's request, copies the
traceback files out of the box to a remote location.
See Also: “diagnosis” on page 31 [mode]; “capture-start” on page 55

Mode(s) Diagnosis
Syntax copy capture <scp source_file_name

username@destination_host:destination_folder> | traceback all <string
URI as user@hostname:path>

copy traceback all <path string>
Sub-Commands None
Example The following example copies the file "captureEth1.txt" from the local host to
a remote host:
diagnosis
Table 93: diagnosis
Mode(s) Basic
Syntax diagnosis
Parameters None
Sub-Commands “capture-start” on page 55; “copy” on page 30; “exit” on page 31; “gssreport” on
page 32; “help” on page 33; “history” on page 33; “set (server mode)” on page 42;
“setupcheck” on page 44; “show (diagnosis mode)” on page 47; “show (server
mode)” on page 68
exit
Table 94: exit

Table 94: exit (continued)
Mode(s) Basic | Server | Collector | Diagnosis
Syntax exit
Parameters None

JATP#
gssreport
Table 95: gssreport
Description Use the gssreport command to submit reports to Juniper Global Security Services
(GSS), and to display the status of the current GSS report.
See Also: “gssreport” on page 32; “diagnosis” on page 31[mode]
Mode(s) diagnosis
Sub-Commands None

help
Table 96: help

Syntax help
Parameters None

subsequent repeat of this key, when a command has been resolved, will
display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command
line. If the command prefix is not unique then the bell will ring and a
subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there
is a syntax error then offending part of the command line will be highlighted
and explained.
[space] - Auto-completes, or if the command is already resolved inserts a
space.
interface
<cr>
history
Table 97: history
Syntax history
Parameters None
Example The following examples returns command line history for the current CLI session.
JATP# history

ifrestart
Table 98: ifrestart
Mode(s) Server
Parameters eth0 Restarts the management network administra interface.
ping
Table 99: ping
Description Sends ICMP (Internet Control Message Protocol) echo request packets to a
specified host name or IP address to verify that the destination is reachable over
the network.
Mode(s) Server
Parameters
-ccount Number of echo requests to send. By default, pings ar continuously u
Example The following example sends three echo requests to the device with the IP
Address 10.10.10.1



reboot
Table 100: reboot
Mode(s) Server
Syntax reboot
Parameters None
hostname# reboot
restart
Table 101: restart
Mode(s) Server
Syntax restart [all | behaviorengine | cm | collector | core | correlationengine | database

| ntpserver | sshserver | staticengine | webserver]
Parameters
JATP# restart cm
server
Table 102: server
See Also: “collector” on page 29

Table 102: server (continued)
Mode(s) Basic
Syntax server
Sub-Commands “exit” on page 31; “help” on page 33; “history” on page 33; “ifrestart” on page 34;
“ping” on page 34; “reboot” on page 35; [Unresolved xref]; “set (server mode)”
on page 42; “show (server mode)” on page 68
hostname # server
set proxy (collector mode)
Table 103: set proxy
Description Sets an Inside or Outside data path proxy from collector mode.
Deploy Traffic Collectors in locations where the monitoring interface is (1) placed
“outside” between the proxy and the egress network for customer environments
in which the proxy supports XFF (X-Forwarded-For), or (2) [the more typical
deployment scenario], the Collector is placed between the proxy and the internal
network using FQDN (if available) to identify the threat source for all types of
incidents (“inside” proxy). When configured, the Juniper ATP Appliance Traffic
Collector will monitor all traffic and correctly identify source and destination
hosts for each link in the kill chain wherever the data allows for it.
Note that if the “X-Forwarded-For” header is provided in the HTTP request,

detection will identify threat targets when deployed outside of the proxy
(customers can choose to disable the XFF feature in the proxy setting, if desired).
See Also: “set (server mode)” on page 42; “set (diagnosis mode)” on page 40
NOTE: The mitigation IP address of a CNC server is not be available for Inside
proxy deployments. When a Juniper ATP Appliance is deployed behind a proxy,
the Mitigation-> Firewall page in the Juniper ATP Appliance Central Manager
Web UI (which typically displays the CNC server IP address to mitigate) will be
empty. The destination IP address of any callback is made to the proxy server ip
address, so it is not relevant to display the proxy server IP address on the
Mitigation->Firewall page.
Mode(s) collector
Syntax set proxy inside {add <proxy IP address> <proxy port> | remove <proxy IP
address> <proxy port>
set proxy outside {add <proxy IP address> | remove <proxy IP address>

Table 103: set proxy (continued)
Parameters
inside Sets the inside proxy IP addresses
outside Sets the outside proxy IP addresses
add Adds a proxy configuration.
remove Removes a proxy configuration.
Example The following example sets an inside data path proxy:
JATP(collector)# set proxy inside 10.1.1.1 53
The following example sets an outside data path proxy:
JATP(collector)# set proxy inside 10.2.1.1
set honeypot (collector mode)
Table 104: set honeypot
Description Enables and disables the SSH-Honeypot feature for a Traffic Collector.
A honeypot can be deployed within a customer network to detect network activity

generated by malware attempting to infect or attack other machines in a local
area network. These attempted SSH logins can be used to supplement detection
of lateral spread.
There are two parameters that can be set for a honeypot:
• Enable/disable a honeypot
• Set a Static IP (IP, mask, and gateway) or DHCP of a publicly addressable
interface
See Also: show honeypot command in “show (collector mode)” on page 45
Mode(s) collector
Syntax (collector)# set honeypot ssh-honeypot enable dhcp
(collector)# set honeypot ssh-honeypot enable address (IP address) netmask

(subnet IP) gateway (IP address)
(collector):# set honeypot ssh-honeypot disable
(collector)# set honeypot ssh-honeypot enable address 1.2.3.4 netmask

255.255.0.0 gateway 1.2.3.1
NOTE: The static IP configuration does not require configuring DNS. Honeypots
do not require a DNS server at this time.

Table 105: set
mode.
See Also:“set (server mode)” on page 42 ; “set proxy (collector mode)” on

page 39
Mode(s) diagnosis
Syntax set logging
Parameters
components.
set protocols (collector mode)
Table 106: set protocols
Description Enables and disables the HTTP or SMB parser for a Traffic Collector.
See Also: show protocols command in “show (collector mode)” on page 45
Mode(s) collector
Syntax (collector)# set protocols {http [on|off] | smb [on|off]}
hostname (collector) set protocols smb on

set (server mode)
Table 107: set
Mode(s) Server, See Also:“set (diagnosis mode)” on page 40; “set proxy (collector mode)”
on page 39
Syntax set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {on
| off} | passphrase string | dns | firewall {all <backup | flush> | whitelist} |
hostname string | ip {interface | dhcp | address | netmask | gateway} |
ntpserver | password | proxy {config | enabled | remove} |timezone string
| uipassword]
Parameters
(See table below)
autoupdate {software| content} {on|off} Turn on or off the automatic product update feature.
autoupdate {software| content} {on|off}
example: set autoupdate content on
cli timeout secs Set CLI timeout period in seconds (0 indicates no timeout).
clock Sets the current date and time.
cm address Sets the IP address of the Central Manager and netmask using the slash notation;
example: AAA.BBB.CCC.DD/x
set support {enable | disable} | Enables remote SSH login “support” account or localmode enable|/disable.
{localmode}
passphrase string Sets the device key password; enter a string.
dns Sets the DNS servers (or enable DHCP for DNS) for the management interface
eth0.
firewall {all <backup | flush> | whitelist Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or
<add | delete | flush>} flushes the current iptables whitelist-specific settings for the firewall.
Whitelist rules rely on normal service shutdown to be backed up. Powering off a
VM directly will lose the whitelist state as rules cannot be saved in that case
hostname string Sets the system’s host name.
ip {interface | dhcp | address | netmask Sets the IP address, netmask, or default gateway, or enables DHCP for the
|gateway} management interface eth0.

password Sets a new password for the CLI administrator.
proxy {config <all|http> | enable <on|off> Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific
| remove <all|http>} proxy server.
needed.
timezone {US/ Eastern | US/ Central | Show the current timezone; example:
US/ Mountain
TIP: set timezone <tab> shows options.
Examples The following example sets an ip address for the device management interface
eth0.
JATP# set ip interface 10.1.1.1
Mode(s) server

Table 108: set appliance-type (continued)
Parameters
all-in-one
core-cm
email-collector
traffic-collector

new form factor.
set traffic-filter (collector mode)
Table 109: set traffic-filter
Description Sets traffic filter rules to avoid analysis on a set of configured traffic, which cannot
be made retroactive; for example: any analysis skipped as a result of the filtering
cannot be reversed. This command can be applied to an entire network/subnet/
CIDR range.
See Also: “set (server mode)” on page 42;“show (diagnosis mode)” on page 47
[show traffic-filter]
Mode(s) collector
Syntac set traffic-filter {add <rule_name> <domain> <sourceaddress>

<destination-address> <source-port> <destination-port> <protocol> |
remove <rule_name>}

Table 109: set traffic-filter (continued)
Parameters
traffic-filter add Adds a traffic filter rule where:
<RuleString> “RuleString” is the name of the rule
<Dom-ainString> “DomainString” is the domain to filter out
<sourc-eaddress> “source-address” is the source IPv4 address or networ
<destination-address> “destination-address” is the destination IPv4 address o
<source-port> “source-port” is the source port number (0-65535)
<destinationport> “destination-port” is the destination port number
<protocol> (0-65535)“protocol” is the protocol type: either IP, TCP
Example The following example add a traffic filter rule to the Traffic Collector.
JATP-collector02(collector)# set traffic-rule add CustomRule2

headqrts.example.com 10.2.00/16 20.0.0.2 90 120 tcp
where destination-address is 20.0.0.2, destination-port is 120, protocol is tcp,

source-address is 10.2.0.0/16 and source-port is 90 (in our example).
set traffic-monitoring (for JATP700 and JATP400 Appliances) (collector mode)
Table 110: set traffic-monitoring
Description Sets the traffic monitoring interface on the JATP700 and JATP400.
Mode(s) collector
Syntax # set traffic-monitoring-ifc 1gb_ifc
# set traffic-monitoring-ifc 10gb_ifc
NOTE: After making an interface type change, the system must be rebooted for
the change to take effect.
setupcheck

Mode(s) diagnosis
Parameters
all Checks both basic settings and analysis pipelin.
Example The following example checks all basic configuration settings as well as the
analysis pipeline:
Table 112: show
Description Displays the Traffic Collector current traffic filters and the current XFF status
(enabled or disabled)
Mode(s) Collector
Subcommands traffic-filter | proxy | honeypot
Syntax show

Parameters
traffic-filter Shows all traffic filter rules.
protocols Shows current HTTP or SMB prot
proxy {inside |outside} Shows Traffic Collector proxy for i

configurations. See also show pro
“show (server mode)” on page 6
honeypot Shows the current honeypot conf
show honeypot ssh-honeypot
Example The following example displays the current Collector proxy inside settings:
collector02(collector)# show proxy inside

Proxy IPs: 10.1.1.1
The following example displays the current traffic filter:
collector02 (collector)# show traffic-filter

Name: CustomRule2, Domain: headqtrs.example.com
The following example displays the current SMB protocol parser setting:
collector02 (collector)# show protocols
Table 113: show
mode.
See Also:“show (server mode)” on page 68; “show (collector mode)” on page 45
Mode(s) diagnosis
Syntax show

Parameters
device {collectorstatus | | corestatus | Display connected device statistics for Traffic Co
slavecorestatus} Mini Detection Engine Secondary “slave core.”
protocol {web | email} Displays the session counts for network web or e
See Also: “set (diagnosis mode)” on page 40 lo
log error traceback Displays only the tracebacks (if any) generated b
OS process error logs. A traceback is a stack
of functions that were executing when an error co
NOTE: Not available from the Collector CLI.
log error last <integer: number of lines to display> Displays n [1-1000] lines of the contents of the c
NOTE: Not available from the Collector CLI.
NOTE: Example: show log error last 12

<cr>
IP : 10.2.9.68
Enabled : True
Last Seen : 2014-07-25 15:13:17.967000-07:00
Install Date : 2014-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2014-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
show (server mode)
Table 114: show

Mode(s) Server, See Also: show (collector mode); “show (diagnosis mode)” on page 47
Syntax show
Parameters
(See the columns below)
cli timeout Show the CLI timeout setting.
support Show the remote SSH login support status.
interface Show information about the management (administrative) network interface eth0
and the monitoring interface eth1.
ip Show the IP address of the management (administrative) interface eth0.
Results may show both private and public IP addresses if the AWS vCore has a
public IP.
proxy Show current proxy configuration.

stats [cpuload | disk | memory] Show system statistics:
• cpuload shows the average CPU load in the system

• disk shows the disk space usage in the system.
• memory shows the system memory usage.
# show stats cpuload

(0.06, 0.13, 0.13)
timezone Show the current timezone.
uptime Show the last manual upgrade-related information.
version Show Juniper ATP Appliance software and content security versions.
Example The following example displays information about the All-in-One server device
type:
All-in-One(server)# show devicetype

Device type: cm, core, web_collector.
shutdown
Table 115: shutdown
Mode(s) Server
Syntax shutdown
Parameters None
JATP# shutdown
traceroute
Mode(s) Server | Collector
Syntax traceroute

Table 116: traceroute (continued)
Parameters
string Names the remote system to be trace
JATP# traceroute -h 2 8.8.8.8
wizard
Table 117: wizard
Description Enters the Configuration Wizard. For Configuration Wizard commands and response,
see “Configuration Wizard for the CoreCM Server” in the next section to follow
command prompts and recommended responses.
Mode(s) Basic
Syntax wizard
Parameters None
Example The following command starts the configuration wizard.
hostname # wizard
Configuration Wizard Command Prompt Progressions

Table 118: Configuration Wizard
Configuration Wizard Prompts Customer Response from Collector

Table 118: Configuration Wizard (continued)
Use DHCP to obtain the IP address and We strongly discourage the use of DHCP addressing because it changes
DNS server address for the administrative dynamically. A static IP address is preferred.
interface (Yes/No)?
Recommended: Respond with no:
NOTE: Only if your DHCP response is no
,enter the following information when a. Enter an IP address
prompted: b. Enter a netmask using the form 255.255.255.0.
c. Enter a gateway IP address.
a. IP address (no CIDR format)
d. Enter the DNS server IP address
b. Netmask
c. Enter a gateway IP address for this
management (administrative) f. Enter yes if you want DNS lookups to use a specific domain.
interface: g. Enter search domain(s) separated by spaces; for example: example.com
d. Enter primary DNS server IP address. lan.com dom2.com
e. Do you have a secondary DNS Server Enter yes to restart with the new configuration settings applied.
(Yes/ No).
f. Do you want to enter the search
domains?
g. Enter the search domain (separate
multiple search domains by space):
Restart the administrative interface

(Yes/No)?
Enter a valid hostname. Type a hostname when prompted; do not include the domain; for example:
juniperatp1
NOTE: Only alphanumeric characters and hyphens (in the middle of the hostname)
are allowed.
Regenerate the SSL self-signed certificate Not applicable to Collector.

(Yes/ No)?
Enter the following server attributes: Required: Enter the IP address of the Juniper ATP Appliance Server All-in-One CM
or CoreCM to which you are connecting [another] Collector in order to register with
Central Manager (CM) IP Address: and view the Collector in the CM Web UI.
Device Name: (must be unique) Enter the Juniper ATP Appliance Collector Device
Device Description Name; this identifies the Collector in the Web UI.
Device Key PassPhrase Enter a device Description
NOTE: Remember this passphrase and Enter the same PassPhrase used to authenticate the Collector to the Central
use it for all distributed devices! Manager.
without completing the

Glossary of Terms
Alternate Exhaust Interface An eth2 interface configured (optionally) to contain analysis engine CnC traffic off the
management network (eth0).
Anti-SIEM A Juniper ATP Appliance Advanced Threat Analytics (ATA) feature that allows for more
detailed endpoint and log ingestion handling, management and reporting; includes Active
Directory, Splunk and Direct Log Ingestion options.
AWS Amazon Web Services and EC2 management console from which Juniper ATP Appliance
administrators can configure vCore AMI images.
Blacklist A list or register of entities to be denied a specified access or privilege. During detection
engine analysis, when content matches any pattern on the blacklist, the content is deemed
malicious and therefore an alert or block action is enacted immediately.
Collector Juniper ATP Appliance’s Traffic inspection and object collection mechanism
CnC server Command and control server that directs the operation of a botnet.
CLI Command-line interface. The Juniper ATP Appliance has a CLI interface for administering
the appliance.
CM The Juniper ATP Appliance Central Manager component that has a web-based graphical
user interface.
Darkspace Currently unused address space.
DHCP Dynamic Host Configuration Protocol.
DMZ Demilitarized zone. An area of the network where systems have direct access to the Internet
or an external network.
DNS Domain Name Service.
Event Indicates a type of security intrusion or attack.
Greylist Greylists provide control over the priority of workorders for known IP addresses and URLs.
Greylists contain files that contain either URLs or IP addresses and are used by the Juniper
ATP Appliance analysis engines to check if the specified URLs or IP addresses contain a
malicious rule match.
GUI Graphical user interface. The Juniper ATP Appliance uses a web-based GUI for managing
the appliance.
Known botnet server bot command Events that are triggered when the appliance sees any of the common IRC bot commands
or detects any communication sent to known botnet servers.
Lateral Detection East-west detection of malware within the enterprise spread from endpoint host to host.
Malware Malicious software used by attackers to disrupt, control, steal, cause data loss, spy upon,
or gain unauthorized access to computer systems.

NTP Network Time Protocol.
OS-anomaly Events that indicate modification of the operating system.
OSPF Open Shortest Path First. A protocol that computes an optimal path for traffic in a TCP/IP
network.
Sandbox mode A mode in which malware is permitted to run, but results of the malware action are
restricted to the virtual machine and not permitted to escape.
SNMP Simple Network Management Protocol.
spyware A type of malware installed on computers that collects small pieces of information about
user(s) it is spying on.
SSL Secure Sockets Layer.
TLS Transport Layer Security.
VLAN Virtual Local Area Network.
VM Virtual Machine. A software program that runs an instance of an operating system. The
operating system runs on top of a program that emulates a hardware system.
Worm A self-replicating malware program that uses a computer network to send copies of itself
to other computers. This may be done without any user intervention.
Zero-day attack An attack by malware that exploits unknown or newly discovered vulnerabilities in software
before they become known or before security patches are applied to fix them
Related • All-in-One CLI Commands on page 25

Documentation
• Mac OS X Engine CLI Commands on page 75


Jatp Cli Reference Guide

Uploaded by

Copyright:

Available Formats

Jatp Cli Reference Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Jatp Cli Reference Guide

Uploaded by

Copyright:

Available Formats

CLI Command Reference Guide

Copyright © 2019, Juniper Networks, Inc.

CLI Command Reference Guide

YEAR 2000 NOTICE

END USER LICENSE AGREEMENT

ii Copyright © 2019, Juniper Networks, Inc.

Copyright © 2019, Juniper Networks, Inc. iii

iv Copyright © 2019, Juniper Networks, Inc.

set (server mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Copyright © 2019, Juniper Networks, Inc. v

Traffic Collector CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

vi Copyright © 2019, Juniper Networks, Inc.

Copyright © 2019, Juniper Networks, Inc. vii

Table 39: Configuration Wizard for All-in-One Server . . . . . . . . . . . . . . . . . . . . . . . 51

viii Copyright © 2019, Juniper Networks, Inc.

Table 88: upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Copyright © 2019, Juniper Networks, Inc. ix

x Copyright © 2019, Juniper Networks, Inc.

• Documentation and Release Notes on page xi

Documentation and Release Notes

Table 1 on page xii defines notice icons used in this guide.

Copyright © 2019, Juniper Networks, Inc. xi

Table 1: Notice Icons

Icon Meaning Description

Informational note Indicates important features or instructions.

Warning Alerts you to the risk of personal injury or death.

Tip Indicates helpful information.

Best practice Alerts you to a recommended use or implementation.

Table 2: Text and Syntax Conventions

Convention Description Examples

xii Copyright © 2019, Juniper Networks, Inc.

Table 2: Text and Syntax Conventions (continued)

Convention Description Examples

| (pipe symbol) Indicates a choice between the mutually broadcast | multicast

Indention and braces ( { } ) Identifies a level in the configuration [edit]

Copyright © 2019, Juniper Networks, Inc. xiii

• E-mail—Send your comments to techpubs-comments@juniper.net. Include the document

Requesting Technical Support

• JTAC policies—For a complete understanding of our JTAC procedures and policies,

• Product warranties—For product warranty information, visit

Self-Help Online Tools and Resources

• Find CSC offerings: https://www.juniper.net/customers/support/

• Search for known bugs: https://prsearch.juniper.net/

• Find product documentation: https://www.juniper.net/documentation/

• Download the latest versions of software and review release notes:

• Search technical bulletins for relevant hardware and software notifications:

xiv Copyright © 2019, Juniper Networks, Inc.

• Join and participate in the Juniper Networks Community Forum:

• Create a service request online: https://myjuniper.juniper.net

Creating a Service Request with JTAC

• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, see

Copyright © 2019, Juniper Networks, Inc. xv

xvi Copyright © 2019, Juniper Networks, Inc.

CLI Command Reference Guide

This preface contains the following sections:

• About This Guide on page 17

About This Guide

• “Introduction” on page 19—Includes an overview of CLI usage, CLI Modes and

• “All-in-One CLI Commands” on page 25—Provides information about system commands