Configuring an address set for the USG2000&5000 series


The USG2000&5000 series supports configuring an address set using the web UI or CLI. An address set can contain IP addresses, network segments, IP address ranges, and MAC addresses, and can itself be contained in another address set.
Configuring an address set using the web UI:
Choose Firewall > Address > Address Set and then click Create in Address Set List. Enter or select the address set name and description, reference the address or address set, configure the IP address, and click Apply.

Configuring an address set using the CLI:
1. Run the ip address-set address-set-name [ type { object | group } | vpn-instance vpn-instance-name ] * command in the system view to create an address set and access its view.
2. Run the address [ id ] { ip-address { 0 | wildcard | mask { mask-address | mask-len } } | range start-ip-address end-ip-address | address-set address-set-name | mac-address } [ description description ] command to add a member to this address set.
You can run this command repeatedly to add multiple members to this address set.
3. Run the description text command to configure the address set description.
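
The following is an added example, not part of the original page or of Huawei's documentation: a Python helper that turns an inventory list into the commands from steps 1 to 3, so that wildcard and mask forms are not mixed up and mistyped network segments are rejected before they reach the firewall. The function names, the "set:" prefix for nested address sets, and the sample addresses and names are assumptions made for illustration.

```python
import ipaddress

def member_command(member, use_wildcard=False):
    """Build one `address ...` line from a host, CIDR block, range or nested set."""
    if member.startswith("set:"):          # assumed notation for a nested address set
        return f"address address-set {member[4:]}"
    if "-" in member:                      # "start-end" IP address range
        start, end = (ipaddress.IPv4Address(p.strip()) for p in member.split("-", 1))
        if start > end:
            raise ValueError(f"range start is above range end: {member}")
        return f"address range {start} {end}"
    # strict=True rejects 10.1.1.5/24: host bits set in a segment usually mean a typo
    net = ipaddress.IPv4Network(member, strict=True)
    if net.prefixlen == 32:                # single host: the "0" form of the syntax
        return f"address {net.network_address} 0"
    if use_wildcard:                       # wildcard is the inverse of the subnet mask
        return f"address {net.network_address} {net.hostmask}"
    return f"address {net.network_address} mask {net.prefixlen}"

def address_set_commands(name, members, description=None):
    """Return the CLI lines for steps 1-3: create the set, add members, describe it."""
    if not name or any(c.isspace() for c in name):
        raise ValueError("address set name must be a single token")
    lines = [f"ip address-set {name}"]
    lines += [" " + member_command(m) for m in members]
    if description:
        lines.append(f" description {description}")
    return lines

# Constructed sample inventory (not taken from a real device)
SAMPLE = ["192.168.5.10", "10.1.1.0/24", "172.16.0.10-172.16.0.20", "set:dmz_hosts"]

if __name__ == "__main__":
    print("\n".join(address_set_commands("mgmt_sources", SAMPLE, "Admin workstations")))
```
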

Other related questions:
Setting the SSH password on the USG2000&5000
Logging in through SSH improves the security of data transmission, so you are advised to log in through SSH. You are also advised to use AAA for authentication.
1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH.
2. Configure the connection number limit on the VTY administrator interface.
3. Set the administrator account and password for login through SSH.
   system-view
   [sysname] ssh user admin1
   [sysname] ssh user admin1 authentication-type password
   [sysname] aaa
   [sysname-aaa] local-user admin1 password cipher *********
   [sysname-aaa] local-user admin1 service-type ssh
   [sysname-aaa] local-user admin1 level 3
   [sysname-aaa] local-user admin1 access-limit 1
4. Enable the STelnet service on the device.
5. Set the client service mode of the SSH account to STelnet.

Setting the console password on the USG2000&5000
For login through the console port, the account and password must be set.
1. During the first login, use the default account (admin) and password (Admin@123) of the console port.
2. To prevent an unauthorized user from accessing the device with the default account and password, you are advised to change this password after your first login to the device.
   system-view
   [sysname] user-interface Console 0
   [sysname-ui-Console0] authentication-mode local user admin password cipher *********

Traffic statistics configuration on the USG2000&5000 series
You can configure traffic statistics on the CLI of the USG2000&5000 series:
1. Configure an ACL to define packets to be debugged.
2. Run the firewall statistic acl 3333 enable command in the diagnose view.
   [USG-diagnose] firewall statistic acl 3333 enable
3. Run the display firewall statistic acl command in the diagnose view.
   [USG-diagnose] display firewall statistic acl
   14:33:26 2010/03/27
   Current Show sessions count: 1
   Protocol(ICMP) SourceIp(172.16.1.156) DestinationIp(172.16.1.25)
   SourcePort(1) DestinationPort(2048) VpnIndex(public)
               Receive      Forward      Discard
   Obverse :   4 pkt(s)     4 pkt(s)     0 pkt(s)
   Reverse :   4 pkt(s)     4 pkt(s)     0 pkt(s)
   Discard detail information:
   Check whether the firewall receives packets, forwards the packets, and receives return packets. If some packets are dropped, determine the packet loss location. View packet discard possible causes to identify the cause.
4. After debugging is complete, disable traffic statistics as soon as possible because long-term traffic statistics affect firewall performance.
5. Run the undo firewall statistic command to disable traffic statistics.
6. Run the reset firewall statistic acl all command to clear statistics.
7. If necessary, run the undo acl xxxx command to delete the configured ACL.

Web password setting for the USG2000&5000 series
The default user name/password for login to the web UI is admin/Admin@123. For system security, as a web administrator, you are advised to change the password after login.
   system-view
   [sysname] aaa
   [sysname-aaa] local-user admin1 password irreversible-cipher *********
   [sysname-aaa] local-user admin1 service-type web
   [sysname-aaa] local-user admin1 level 3

Method for setting a permanently available password for the administrator of the USG2000&5000 series
For the USG2000&5000 series, the following example is provided for you to set the validity period of the administrator login password:
   # Set the password validity period for the administrator test to 80 days.
   system-view
   [sysname] aaa
   [sysname-aaa] local-user test password valid-days 80
For the USG6000 series, the following example is provided for you to set the validity period of the administrator login password:
   # Set the password validity period for the administrator test to 80 days.
   system-view
   [sysname] aaa
   [sysname-aaa] manager-user test
   [sysname--manager-user-test] password valid-days 80
If valid-days is set to 0, the password never expires. For more command details, see the product documentation.
