Configuring DNS proxy through the web UI of the USG2000&5000 series

0

The USG2000&5000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server. Specify the DNS server address through the web UI so that the device can serve as the DNS proxy to send domain name resolution requests to the DNS server.
1. Choose Network > DNS > DNS.
2. Click Add in DNS Server List.
3. Set the IP address of the DNS server.
If you do not select the external network interface, the configured DNS server address is the global address. Enter the IPv4 or IPv6 address of the DNS server in the DNS Server Address text box. Click OK.
If you select a specific external network interface, the configured DNS server address is the address bound with the interface and applies only to this interface.
If the operation succeeds, the new configuration whose Obtaining Mode is Manual is displayed in DNS Server List.
Repeat the preceding operations to add the IPv4 or IPv6 addresses of multiple DNS servers.
4. Optional: In Configure DNS Query Packets' Source Address, set the Source Interface or Source Address.
5. Click Apply
.

Other related questions:
Configuring DNS proxy through the web UI of the USG6000 series
The USG6000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server. Specify the DNS server address through the web UI so that the device can serve as the DNS proxy to send domain name resolution requests to the DNS server. 1. Choose Network > DNS > DNS. 2. Click Add in DNS Server List. 3. Set the IP address of the DNS server. If you do not select the external network interface, the configured DNS server address is the global address. Enter the IPv4 or IPv6 address of the DNS server in the DNS Server Address text box. Click OK. If you select a specific external network interface, the configured DNS server address is the address bound with the interface and applies only to this interface. If the operation succeeds, the new configuration whose Obtaining Mode is Manual is displayed in DNS Server List. Repeat the preceding operations to add the IPv4 or IPv6 addresses of multiple DNS servers. 4. Optional: In Configure DNS Query Packets's Source Address, set the Source Interface or Source Address. 5. Click Apply .

Configuring DNS proxy through the CLI of the USG2000&5000 series
The USG2000&5000 series can serve as the DNS proxy to forward DNS request and reply packets between the DNS client and DNS server. After the IPv4 DNS proxy function is enabled and the IP address of the DNS server changes, you only need to change the DNS proxy configurations. Therefore, network management is simplified. 1. Run the system-view command to access the system view. 2. Run the dns proxy enable command to enable the IPv4 DNS proxy function. The IPv4 DNS proxy function is disabled by default. 3. Run the dns server { ip-address | unnumbered interface interface-type interface-number } command to add the DNS server. 4. Optional: Run the dns host source { interface-type interface-number | ip-address } command to specify the source address of the query packet.

Method for configuring HTTPS login to the web UI of the USG2000&5000
Web login for the USG2000&5000
Operation procedure
Note:
The USG enables HTTP/HTTPS by default.
When you use HTTP for access, the device automatically switches to use HTTPS that is more secure.
1. Enable the HTTP service.
Run the system-view command to enter the system view.
Run the command of web-manager enable [ port port-number ] to enable the HTTP.
On the web browser, log in to the device through the address in the format of http://ip-address:port. The default port is 80.
2. Enable the HTTPS service.
By default, when the client PC logs in to the server using HTTPS, the server will send a default certificate to the client PC.
Run the system-view command to enter the system view.
Run the command of web-manager security enable port port-number to enable HTTPS.
On the web browser of the client PC, log in to the device through the address in the format of http://ip-address:port. The default port is 8443.
3. (Optional) Configure the timeout period for the web service.
Run the command of web-manager timeout minutes to set the web service timeout period.
The default web service timeout period is 10 minutes.
4. (Optional) Configure a web user.
Run the aaa command to enter the AAA view.
Run the command of local-user user-name password { cipher | irreversible-cipher } password to craete a local AAA user.
Run the command of local-user user-name service-type web to set user type to web.
Run the command of local-user user-name level level to specify the user level.
5. Note:
The default user name of admin and password of Admin@123 can be used for login.
To ensure successful login of the web user, you must at least configure the web user permission to level 3.

Task Example
1. Configure the IP address of the USG.
system-view
[USG] interface GigabitEthernet 0/0/1
[USG-GigabitEthernet0/0/1] ip address 10.1.1.1 24
[USG-GigabitEthernet0/0/1] quit
2. Add the interface to the security zone to ensure normal network communication. The detailed procedure is omitted.
3. Enable the web management function.
[USG] web-manager security enable port 2000
4. Configure a web user.
[USG] aaa
[USG-aaa] local-user webuser password irreversible-cipher Admin@123
[USG-aaa] local-user webuser service-type web
[USG-aaa] local-user webuser level 3
5. Configure the PC IP address as 10.1.1.100/24.
Use the PC browser to access https://10.1.1.1:2000. Enter the user name and password to check whether the device can be logged in to.

Configuration of IP sweep attack defense for the USG2000&5000 series on the web UI
You can configure IP sweep attack defense for the USG2000&5000 series on the web UI. 1. Choose Firewall > Security Protection > Attack Defense. 2. In the attack defense configuration list, choose Attack Defense Type > Scan. 3. On the Configure Scan Attack Defense page, select Enable corresponding to IP Sweep. 4. Set parameters for IP sweep attack defense. 5. Click Apply.

Configuration of SIP flood attack defense for the USG2000&5000 series on the web UI
You can configure SIP flood attack defense for the USG2000&5000 series on the web UI. Configure SIP flood attack defense based on IP addresses. 1. Choose Firewall > Security Protection > Attack Defense. 2. In the attack defense configuration list, choose Attack Defense Type > Application Layer > SIP Flood. 3. On the Configure SIP Flood Attack Defense page, select Enable corresponding to Defense. 4. Set a port range. 5. Click Add. Enter an IP address in the IP Address text box. 6. Click Apply. Configure SIP flood attack defense based on security zones. 1. Choose Firewall > Security Protection > Attack Defense. 2. In the attack defense configuration list, choose Attack Defense Type > Application Layer > SIP Flood. 3. On the Configure SIP Flood Attack Defense page, select Enable corresponding to Defense. 4. Set a port range. 5. Click the (Optional) Based on Security Zones tab. 6. Click Add. Select a security zone from the Security Zone drop-down list. 7. Click Apply.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top