Configuration of using a non-management interface to manage the USG2000&5000 series

To use a non-management interface to manage the USG2000&5000 series, configure it as follows:
1. Choose Network > Interface > Interface on the web page.
2. On the interface editing page, select Enable Access Management and the corresponding protocol.
This configuration has a higher priority than security policies. After access management is enabled on the interface, an administrator can still log in to the device through that interface even if the security policy between the local zone and the security zone where the interface resides is disabled.

Other related questions:
Configuration of using a non-management interface to manage the USG6000 series on the CLI
To manage the USG6000 series through a non-management interface, configure it on the CLI as follows:

# On GigabitEthernet 1/0/1, allow the administrator to access the device using HTTP.
    system-view
    [sysname] interface GigabitEthernet 1/0/1
    [sysname-GigabitEthernet1/0/1] service-manage http permit

This configuration has a higher priority than security policies. After access management is enabled on the interface, an administrator can still log in to the device through that interface even if the security policy between the local zone and the security zone where the interface resides is disabled.

Configuration of using a non-management interface to manage the USG6000 series on the web UI
To manage the USG6000 series through a non-management interface, configure it on the web UI as follows:
1. Choose Network > Interface.
2. On the interface editing page, select Enable Access Management and the corresponding protocol.
This configuration has a higher priority than security policies. After access management is enabled on the interface, an administrator can still log in to the device through that interface even if the security policy between the local zone and the security zone where the interface resides is disabled.

Enabling the access management function on the USG2000&5000
Enable the management function on the USG2000&5000 as follows:

    sys
    [USG5100]int g0/0/1
# Enable access management under the physical interface.
    [USG5100-GigabitEthernet0/0/1]service-manage ?
      all     ALL service
      enable  Service manage switch on/off
      http    HTTP service
      https   HTTPS service
      ping    Ping service
      snmp    SNMP service
      ssh     SSH service
      telnet  Telnet service
    [USG5100-GigabitEthernet0/0/1]qu
    [USG5100]int vlanif 100
# Enable access management under the VLANIF interface.
    [USG5100-Vlanif100]service-manage ?
      all     ALL service
      enable  Service manage switch on/off
      http    HTTP service
      https   HTTPS service
      ping    Ping service
      snmp    SNMP service
      ssh     SSH service
      telnet  Telnet service
    [USG5100-Vlanif100]qu

Method for using external IP addresses to manage the USG2000&5000 series
If you want to log in to and manage the firewall through external IP addresses, try to configure address/port mapping on the management PC and map the login address of the firewall to an external IP address.

Configuring a remote login mode for the USG2000&5000
Configure a remote login mode for the USG2000&5000 as follows:

1. Log in to the device through SSH.
With this configuration, users log in to the device through SSH to configure and manage it.
Note: In hot standby networking, SSH configuration commands are not synchronized from the active device to the standby device. You must configure SSH on both devices.
Procedure:
a. Set IP addresses for interfaces.
    system-view
    [USG] interface GigabitEthernet 0/0/1
    [USG-GigabitEthernet0/0/1] ip address 10.1.1.1 255.255.255.0
    [USG-GigabitEthernet0/0/1] quit
b. Create SSH user Client001.
Configure the VTY user interface.
    [USG] user-interface vty 0 4
    [USG-ui-vty0-4] authentication-mode aaa
    [USG-ui-vty0-4] protocol inbound ssh
    [USG-ui-vty0-4] quit
Create SSH user Client001 and set the authentication mode to password authentication.
    [USG] ssh user client001
    [USG] ssh user client001 authentication-type password
Set the password to Admin@123 for SSH user Client001.
    [USG] aaa
    [USG-aaa] local-user client001 password irreversible-cipher Admin@123
    [USG-aaa] local-user client001 service-type ssh
    [USG-aaa] quit
c. Set the service to STelnet for SSH users Client001 and Client002 and enable the STelnet service.
    [USG] ssh user client001 service-type stelnet
    [USG] stelnet server enable
d. Run client software that supports SSH and establish an SSH connection.

2. Log in to the device through Telnet.
With this configuration, users log in to the device through Telnet to configure and manage it.
Note: Port 23 and Telnet are enabled on the USG by default. Users can run the undo telnet server enable command to disable port 23 and Telnet.
Procedure:
a. Access the USG user view through the console interface.
b. Set IP addresses for interfaces. The local user accesses GigabitEthernet0/0/1 of the USG through Telnet; the interface IP address is 10.10.10.10 and the subnet mask is 255.0.0.0.
    system-view
    [USG] interface GigabitEthernet 0/0/1
    [USG-GigabitEthernet0/0/1] ip address 10.10.10.10 255.0.0.0
    [USG-GigabitEthernet0/0/1] quit
c. Configure user information. Set the authentication mode to AAA for the VTY interface, and set the Telnet user name to user1, password to password@123, password storage mode to cipher, and level to level 3.
    system-view
    [USG] user-interface vty 0 4
    [USG-ui-vty0-4] authentication-mode aaa
    [USG-ui-vty0-4] protocol inbound telnet
    [USG-ui-vty0-4] quit
    [USG] aaa
    [USG-aaa] local-user user1 password irreversible-cipher password@123
    [USG-aaa] local-user user1 service-type telnet
    [USG-aaa] local-user user1 level 3
d. Run the Telnet program on a PC (Windows). Choose Start > Run on the PC. In the Run window, enter telnet 10.10.10.10 (to connect to interface IP address 10.10.10.10).
e. Click OK to connect to the USG.
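
Added example (not Huawei's code): because service-manage takes priority over security policies, every permit line is a management path that a policy review will not show, and the same applies to the VTY "protocol inbound" setting from the remote login procedure. This Python script lists both from a saved configuration and marks the cleartext ones. The configuration text is constructed, and its layout (indented lines under interface / user-interface sections, "#" separators) is an assumption.

```python
import re

# Services that send credentials unencrypted; "all" includes them.
CLEARTEXT = {"http", "telnet", "all"}

# Constructed sample built from the commands shown on this page.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 10.10.10.10 255.0.0.0
 service-manage telnet permit
 service-manage https permit
#
interface GigabitEthernet1/0/1
 service-manage http permit
#
interface Vlanif100
 service-manage ssh permit
 service-manage ping permit
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound telnet
#
"""

# Section prefix -> pattern of the management-access line inside it.
RULES = {
    "interface ": re.compile(r"service-manage (\S+) permit"),
    "user-interface ": re.compile(r"protocol inbound (\S+)"),
}

def audit(config):
    """Return (section, setting, severity) for each management-access line."""
    findings, section = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # An unindented line opens a section; "#" or blank closes it.
            section = line if line and line != "#" else None
            continue
        for prefix, pattern in RULES.items():
            m = pattern.fullmatch(line)
            if section and section.startswith(prefix) and m:
                sev = "cleartext" if m.group(1) in CLEARTEXT else "review"
                findings.append((section, line, sev))
    return findings

if __name__ == "__main__":
    for section, setting, sev in audit(SAMPLE_CONFIG):
        print(f"{sev:9} {section}: {setting}")
```

Lines marked "review" are encrypted or low-risk services that still bypass the security policy on that interface, so each one should map to an intended management path.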
