1.查看安全策略

>show  security policies

顺序就是按照显示出来的顺序，与Index无关，从上到下匹配

2. 调整防火墙策略

#insert security policies from-zone CAMERAS to-zone INTERNET policy CAMERAS-to-NTP before policy CAMERAS-to-INTERNET

3.查看防火墙策略匹配情况

>show security policies hit-count 查看所有策略历史命中数

4.查看当前会话 

>show security flow session

5.Flow的Debug

set security flow traceoptions file flowlog #生成文件名flowlog
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter to0 source-prefix 192.168.1.61/32
set security flow traceoptions packet-filter to0 destination-prefix 192.168.0.12/32
#上面2条是设置一个packet-filter把从源192.168.1.61到目标192.168.0.12的流量Debug信息记入floglog文件
SRX> show log filelog #查看filelog文件内容
SRX> clear log filelog #清除filelog文件内容