https://devdb.secteam.juniper.net/xmlexport.cgi

set security forwarding-process application-services maximize-idp-sessions


volume/ftp/private/systest/9.4


static {
    route 10.157.5.245/32 next-hop 10.157.64.1;
    route 207.17.137.227/32 next-hop 10.157.64.1;
    route 10.100.3.117/32 next-hop 10.157.64.1;
    route 6.0.0.0/8 next-hop 4.0.0.1;
    route 7.0.0.0/8 next-hop 5.0.0.1;
    route 20.20.20.20/32 next-hop 5.0.0.1;
    route 10.157.4.14/32 next-hop 10.157.64.1;
}


set routing-options static route 10.157.5.245/32 next-hop 10.157.64.1




>show config
name-server {
192.168.5.68;
172.17.28.101;
172.17.28.100;
}


set system name-server 172.24.245.10 



show service objcache
show memory; 
show arena; 
show ser mum
show usp mem
show heap
show usp mem-use
show usp idp ipc counters
show security monitoring

 To enable debug on SPU for policy push
Enable debug 
-	debug usp idp features subs enable
-	debug usp idp level debug
-	debug usp idp features policy enable
-	debug usp idp features ioctl enable

More to add 
debug usp idp features flow enable
debug usp idp features ioctl enable
debug usp idp features subs enable
debug usp idp features module enable
debug usp idp features detector enable
debug usp idp features policy enable
debug usp idp level debug

set usp idp const sc_sm_loopback 1

debug log 
-	show usp flow trace 0
-	show syslog messages


debug ai

debug usp idp qmodule appsig enable



svn co https://10.155.191.244/svn/idp/viking --username
wget http://10.155.191.245/idp/packages/run-3.4.10


set security idp sensor-configuration ssl-inspection sessions 10
set security idp sensor-configuration detector protocol-name SSL tunable-name sc_ssl_flags tunable-value 1
run request security idp ssl-inspection key add sslserver server 5.0.0.1 file /tmp/sslserver.key


set security idp custom-attack cs1 severity major attack-type signature context stream direction client-to-server pattern ".*applidtest.*" protocol-binding application FTP 


set security idp custom-attack ai-http-test-1 severity info attack-type signature context http-get-url direction client-to-server pattern ".*juniper.*"

set security idp custom-attack ai-ftp-test1 severity info attack-type signature context ftp-username direction client-to-server pattern ".*root.*"


master controller:
10.155.239.30
10.155.232.3
10.155.250.107


+++++++++++
Loading balancing override

go to the cp spu
do a show usp spu mapping and note the listed spus
then do
set usp spu override <spuid?
all sessions will be created on that spu
u can do set usp spu override disable to revert back to combo mode load balancing
00       Physical SPU 28      Load Weight 50
 01       Physical SPU 29      Load Weight 100
spu id would be 29 if we want traffic go to spu1


++++++++++
HA: commit synchornize force
    commit details