Relationship and differences between the service-manage command and the security policy of an interface


The service-manage command allows or denies administrator access to the firewall over HTTP, HTTPS, Ping, SSH, SNMP, and Telnet.
The security policy controls traffic forwarding and integrated traffic content detection on the firewall.
After you enable the access management function for an interface, the administrator can manage the firewall over this interface even if the security policy between the zone where the interface resides and the local zone is not enabled.
By default, the management interface (GE0/0/0) allows the administrator to access the firewall using HTTP, HTTPS, Ping, SSH, SNMP, and Telnet, and non-management interfaces do not allow the administrator to access the firewall using these protocols.
Note: If you need to control access to the firewall based on source IP addresses, you can disable the access control on the interface (using the undo service-manage enable command) and then configure the security policy to control the source IP address.
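
A simplified model of the decision order described above, added here as an example and not taken from Huawei's documentation or firmware. It shows that a source-address condition in the security policy only takes effect once service-manage is disabled on the interface. The Interface and Rule classes, the interface name GE1/0/1, the addresses and the deny-when-no-rule-matches fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

MGMT_PROTOCOLS = {"http", "https", "ping", "ssh", "snmp", "telnet"}

@dataclass
class Interface:
    name: str
    zone: str
    service_manage_enabled: bool = True          # "undo service-manage enable" -> False
    permitted: set = field(default_factory=set)  # protocols service-manage allows

@dataclass
class Rule:
    """Simplified security policy rule from source_zone to the local zone."""
    source_zone: str
    source_net: str
    service: str
    action: str  # "permit" or "deny"

def mgmt_access(iface, proto, src_ip, rules):
    """Return (decision, decided_by) for a management connection to the firewall."""
    if proto not in MGMT_PROTOCOLS:
        raise ValueError(f"not a service-manage protocol: {proto}")
    if iface.service_manage_enabled:
        # Interface access management decides alone; the security policy and
        # any source-address condition in it are never consulted.
        return ("permit" if proto in iface.permitted else "deny", "service-manage")
    src = ipaddress.ip_address(src_ip)
    for rule in rules:  # first matching rule wins
        if (rule.source_zone == iface.zone and rule.service == proto
                and src in ipaddress.ip_network(rule.source_net)):
            return (rule.action, "security-policy")
    return ("deny", "security-policy")  # assumption: no matching rule means deny

def source_unrestricted(ifaces):
    """List (interface, protocol) pairs that no source-address rule can limit."""
    return sorted((i.name, p) for i in ifaces if i.service_manage_enabled
                  for p in i.permitted)

# Constructed sample data: one policy rule limiting SSH to a single admin host.
RULES = [Rule("untrust", "192.0.2.10/32", "ssh", "permit")]
WAN_SM = Interface("GE1/0/1", "untrust", True, {"ssh"})   # service-manage on
WAN_POLICY = Interface("GE1/0/1", "untrust", False)       # service-manage off

if __name__ == "__main__":
    for iface in (WAN_SM, WAN_POLICY):
        for src in ("192.0.2.10", "203.0.113.50"):
            print(iface.service_manage_enabled, src, mgmt_access(iface, "ssh", src, RULES))
```

With service-manage enabled, the host 203.0.113.50 is permitted even though the policy rule names only 192.0.2.10; with it disabled, the same host is denied by the security policy.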

Other related questions:
What is the relationship between the actions defined in a security policy and a profile
If a flow matches a security policy, the device performs the defined action of the policy on the flow.
- If the action is Block, the device blocks the flow.
- If the action is Permit, the device matches the flow with the profiles referenced by the security policy. If no match is found, the device permits the flow. If the flow matches one or more security profiles, the device will perform the following actions:
  - If the action of one of these profiles is Block, the device blocks the flow.
  - If the actions of these profiles are Alert, the device permits the flow and records a log.

What is the relationship between the applications defined in a security policy and a profile
They are not related. The application defined in a security policy is the condition for the traffic to match the policy, whereas the application defined in a profile is the condition for the traffic to match the profile. The FW compares the traffic attributes with the defined application when the traffic matches a security policy or profile.

Command for configuring a security policy on the USG6000
The procedure for configuring a security policy on the USG6000 is as follows:
1. Run the security-policy command to access the security policy view from the system view.
2. Run the rule name rule-name command to create a security policy rule in the security policy view and access the security policy rule view.
3. Define the match conditions of the security policy. (Run different commands based on various functions. For details, see "Configuring a Security Policy Using the CLI" in the product documentation.)
4. Run the action { permit | deny } command to configure the action for the security policy rule.
For configuration details, see "Configuring a Security Policy Using the CLI" in the product documentation.

Descriptions of the web-manager and web-manager security commands on the USG
Descriptions of the web-manager and web-manager security commands are as follows:
Functions: The web-manager enable command enables a web server.
Syntax:
web-manager enable [ port port-number ]
web-manager security enable port port-number
Parameter description:
security specifies the type of packets exchanged between the web browser and web server. Packets fall into the following types:
1. security not selected: HTTP packets are exchanged between the web browser and web server, and the default port is 80.
2. security selected: HTTPS packets are exchanged between the web browser and web server, and the default port is 8443.
3. port port-number specifies the service port of the web server. The value is an integer ranging from 1025 to 50000.

Modifying security policies through the CLI of the USG6000
On the CLI of the USG6000 series, access the view of a specific policy and run the undo command to remove conditions in the security policy. Then you can add desired conditions or modify the action.
