Restricting the administrator to access the USG2000&5000&6000 through a fixed source address

Configure the USG2000&5000&6000 to restrict administrator access to a fixed source address as follows:
Set the VTY authentication mode to AAA on the USG and apply an ACL to the VTY lines so that login is allowed only from a certain IP address:
<USG6600> system-view
[USG6600] acl 3000
[USG6600-acl-adv-3000] rule permit ip source 192.168.1.2 0 //192.168.1.2 allowed only.
[USG6600-acl-adv-3000] quit
[USG6600] user-interface vty 0 4
[USG6600-ui-vty0-4] authentication-mode aaa
[USG6600-ui-vty0-4] acl 3000 inbound //The ACL here is deny by default.
[USG6600-ui-vty0-4] quit

After the preceding configuration, only addresses for which the action is permit in ACL 3000, that is, the specified source addresses, can telnet to the firewall.
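To check a configuration like the one above before relying on it, the following Python example (added here, not part of the original article or any Huawei tooling) evaluates which source addresses the ACL bound inbound to the VTY lines would let through, including wildcard masks and the default deny. The function names and `SAMPLE_CONFIG` are constructed for illustration; it assumes rules are matched in the order listed with the first match winning, and handles only rules of the form `rule [id] permit|deny ip source <address> <wildcard>`.

```python
import ipaddress
import re

# Constructed sample: the same commands as the configuration on this page.
SAMPLE_CONFIG = """\
acl 3000
 rule permit ip source 192.168.1.2 0
user-interface vty 0 4
 authentication-mode aaa
 acl 3000 inbound
"""

RULE_RE = re.compile(r"rule(?:\s+\d+)?\s+(permit|deny)\s+ip\s+source\s+(\S+)\s+(\S+)")

def to_int(dotted):
    # A wildcard written as "0" is shorthand for 0.0.0.0 (match one host exactly).
    return 0 if dotted == "0" else int(ipaddress.IPv4Address(dotted))

def parse(config):
    """Return ({acl_id: [(action, addr, wildcard)]}, ACL id bound inbound to VTY or None)."""
    acls, vty_acl, current, in_vty = {}, None, None, False
    for line in (raw.strip() for raw in config.splitlines()):
        acl_head = re.fullmatch(r"acl(?:\s+number)?\s+(\d+)", line)
        bind = re.fullmatch(r"acl\s+(\d+)\s+inbound", line)
        if acl_head:
            current, in_vty = acls.setdefault(acl_head.group(1), []), False
        elif line.startswith("user-interface vty"):
            current, in_vty = None, True
        elif bind and in_vty:
            vty_acl = bind.group(1)
        elif line.startswith("rule") and current is not None:
            m = RULE_RE.fullmatch(line)
            if not m:
                raise ValueError(f"rule form not handled by this example: {line}")
            current.append((m.group(1), to_int(m.group(2)), to_int(m.group(3))))
    return acls, vty_acl

def vty_acl_allows(config, src_ip):
    """True if the ACL applied inbound on the VTY lines lets src_ip connect."""
    acls, vty_acl = parse(config)
    if vty_acl is None:
        return True  # no ACL on the VTY lines: no source restriction from this control
    rules = acls.get(vty_acl)
    if not rules:
        raise ValueError("referenced ACL is missing or empty; not covered here")
    src = int(ipaddress.IPv4Address(src_ip))
    for action, addr, wildcard in rules:  # assumed: first match wins, in listed order
        if (src | wildcard) == (addr | wildcard):  # wildcard bits are "don't care"
            return action == "permit"
    return False  # nothing matched: denied by default, as the page's comment says
```

A result of `True` for a configuration with no `acl ... inbound` line under `user-interface vty` means the VTY lines carry no source restriction of this kind, which is the condition the procedure above is meant to remove.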
