Restricting the administrator to access the USG2000&5000&6000 through a fixed source address

Configure the USG2000&5000&6000 to restrict the administrator to access through a fixed source address as follows:
Set the VTY authentication mode to AAA on the USG to allow login of only a certain IP address:


[USG6600] acl 3000
[USG6600-acl-adv-3000]rule permit ip source 0 // allowed only.


[USG6600] user-interface vty 0 4

[USG6600-ui-vty0-4] authentication-mode aaa

[USG6600-ui-vty0-4]acl 3000 inbound //The ACL here is deny by default.

[USG6600-ui-vty0-4] quit

After the preceding configurations, only addresses for which the action is permit in ACL 3000 or specific source addresses can telnet to the firewall.

Scroll to top