Wednesday, November 7, 2012
gya
##Resetting the NetScreen configuration to factory defaults
-> get system
・・・
Serial Number: xxxxxxxxxxxxxxxx
・・・
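It is handy to save this in a text file.
2. Log in with the serial number
Enter the serial number as both the ID and the password to log in to the NetScreen.
Once you log in, the reset process starts.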
login: xxxxxxxxxxxxxxxx
password: xxxxxxxxxxxxxxxx
!!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults,
clearing all current configuration and settings. Would you like to continue? y/[n] y
##Setting the hostname on the NetScreen
ns5xt-> set ho hogehoge
hogehoge->
hogehoge->
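##On the NetScreen, when the ALARM LED lights up because of a link-down or similar event, it does not turn off automatically
The ALARM lamp also lights up when, for example, a port scan is detected.
[Reports] --> [System Log] --> [Event]
Pressing [clear] there does not turn off the ALARM lamp.
It stays lit until you run the following command.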
> clear led alarm
##Packet capture on the NetScreen (basics)
hogehoge-> snoop
Start Snoop, type ESC or 'snoop off' to stop, continue? [y]/n y
hogehoge-> snoop off
Snoop off
hogehoge-> get dbuf stream ?
> redirect output
| match output
<return>
all from all slots
<number> percentage offset of debug buffer(0-99)
hogehoge-> get dbuf stream | i icmp
##
OS upload
hogehoge-> save software from flash to tftp 1.1.1.1 test
OS download
save software from tftp 1.1.1.1 test to flash
##Forcing time synchronization with NTP on the NetScreen
hogehoge-> set clock dst-off
hogehoge-> set clock ntp
hogehoge-> set clock timezone 9
hogehoge-> set ntp server 1.1.1.3
hogehoge-> ping 1.1.1.3
!!!!!
hogehoge-> exec ntp up
update do the update from this server
##Saving the configuration on the NetScreen
hogehoge-> set console page 0
hogehoge-> get config
Total Config size 2859:
set clock dst-off
set clock ntp
set clock timezone 9
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin auth timeout 10
set admin auth server "Local"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 1.1.1.2/24
set interface trust route
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface trust dhcp server service
set interface trust dhcp server auto
set interface trust dhcp server option gateway 192.168.1.1
set interface trust dhcp server option netmask 255.255.255.0
set interface trust dhcp server ip 192.168.1.33 to 192.168.1.126
set flow tcp-mss
unset flow no-tcp-seq-check
set flow tcp-syn-check
set console page 0
set hostname hogehoge
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set ike respond-bad-spi 1
unset ike ikeid-enumeration
unset ipsec access-session enable
set ipsec access-session maximum 5000
set ipsec access-session upper-threshold 0
set ipsec access-session lower-threshold 0
set ipsec access-session dead-p2-sa-timeout 0
unset ipsec access-session log-error
unset ipsec access-session info-exch-connected
unset ipsec access-session use-error-log
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 1
exit
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set ntp server "1.1.1.3"
set ntp server src-interface "trust"
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
hogehoge->
##Setting speed and duplex on the NetScreen
hogehoge-> set interface trust phy full 100mb
hogehoge-> trust interface change state to Down
hogehoge-> set interface trust phy auto
hogehoge-> trust interface change state to Up
##Backing up the configuration to a TFTP server on the NetScreen
hogehoge-> save conf from flash to tftp 1.1.1.1 gegeg
Read config from flash.
System config (1012 bytes) loaded
.
Done.
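An added example, not from the original post: a small Python check to run over a saved `get config` dump before it is kept in a text file or sent to a TFTP server, which transfers it unauthenticated and in cleartext. It redacts the admin password hash and flags three items that appear in the dump above; the sample config and the function names `redact` and `review` are constructed for illustration.

```python
import re

# Constructed sample in the "get config" syntax shown above; values are made up.
SAMPLE = """\
set admin name "netscreen"
set admin password "CONSTRUCTED-HASH-PLACEHOLDER"
set zone "Untrust" screen syn-flood
set ssh version v2
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit
"""

# Matches 'set admin password "..."' and 'set admin user "x" password "..."'.
PASSWORD = re.compile(r'^(set admin (?:user "[^"]*" )?password) "[^"]*"', re.M)
POLICY = re.compile(
    r'^set policy id (\d+) from "([^"]+)" to "([^"]+)"\s+'
    r'"([^"]+)"\s+"([^"]+)"\s+"([^"]+)"\s+(\w+)', re.M)


def redact(config):
    """Blank out admin password hashes so the dump can be stored or shared."""
    return PASSWORD.sub(r'\1 "<redacted>"', config)


def review(config):
    """Return a list of findings worth a second look before go-live."""
    findings = []
    if re.search(r'^set admin name "netscreen"\s*$', config, re.M):
        findings.append("admin name is still the factory default 'netscreen'")
    for pid, src_zone, dst_zone, src, dst, svc, action in POLICY.findall(config):
        wide_open = (src.lower(), dst.lower(), svc.lower()) == ("any", "any", "any")
        if action == "permit" and wide_open:
            findings.append(f"policy {pid} ({src_zone}->{dst_zone}) permits any/any/any")
    if not re.search(r"^set ssh version v2\s*$", config, re.M):
        findings.append("SSH is not pinned to v2")
    return findings


if __name__ == "__main__":
    print(redact(SAMPLE))
    for item in review(SAMPLE):
        print("FINDING:", item)
```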