Enabling security policies on the USG2000&5000

The operation for enabling the security policy on the USG2000/5000 is as follows:
Search for Typical Configuration Examples > Security Policy in USG2200/5000 Product Documentation.

Other related questions:
Enabling security policies on the USG6000
The operation for enabling the security policy on the USG6000 is as follows: Search for the following content in USG6000 Product Documentation:
- For security policy configuration through the web UI, see Security Policy and Content Security > Configuring a Security Policy Using the Web UI.
- For security policy configuration through the CLI, see Security Policy and Content Security > Configuring a Security Policy Using the.

Enabling the access management function on the USG2000&5000
Enable the management function on the USG2000&5000 as follows:

    sys
    [USG5100]int g0/0/1
    [USG5100-GigabitEthernet0/0/1]service-manage ?      / Enable access management under the physical interface.
      all     ALL service
      enable  Service manage switch on/off
      http    HTTP service
      https   HTTPS service
      ping    Ping service
      snmp    SNMP service
      ssh     SSH service
      telnet  Telnet service
    [USG5100-GigabitEthernet0/0/1]qu
    [USG5100]int vlanif 100
    [USG5100-Vlanif100]service-manage ?      / Enable access management under the VLANIF interface.
      all     ALL service
      enable  Service manage switch on/off
      http    HTTP service
      https   HTTPS service
      ping    Ping service
      snmp    SNMP service
      ssh     SSH service
      telnet  Telnet service
    [USG5100-Vlanif100]qu

Adding ACL rules to policies on the USG2000&5000
ACLs
ACL is an important method of data control on the device, and applies to packet filtering, Network Address Translation (NAT), IPSec, Quality of Service (QoS), and policy-based routing. The routing device defines a series of rules to filter packets and therefore determine which packets can pass through. These rules are defined by the ACL.
An ACL consists of a series of orderly rules containing permit and deny clauses. These rules cover source IP addresses, destination IP addresses, and port numbers of packets. The ACL classifies packets through these rules. After the rules are applied to the interface of a routing device, the device determines which packets can be received and which shall be denied according to the ACL.
- Basic ACL: controls packets based on source IP addresses.
- Advanced ACL: controls packets based on source IP addresses, destination IP addresses, source ports, destination ports, and protocols.
- MAC address-based ACL: controls packets or Ethernet frames based on source MAC addresses, destination MAC addresses, and types and priorities of data frames.
How to apply these ACLs to policies? The following part uses an example to describe how to add ACL rules to a policy. For example:
1. Add an ACL rule.

    acl number 2001
     rule 0 permit source 192.168.1.0 0.0.0.255
    #
    route-policy CMD permit node 10
     if-match acl 2001
    #

In the preceding configuration, access control is based on source addresses. After the rule is added to the routing policy, forwarding is performed only after the rule condition is met.
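Added example (not taken from the Huawei documentation): a small Python evaluator for basic ACL rules written in the syntax shown above, illustrating how the wildcard mask 0.0.0.255 selects source addresses and how ordered rules decide the result. It assumes rules are checked in ascending rule-ID order; rule 5 in the sample is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: ACL 2001 from the text plus a hypothetical rule 5,
# added only to show that the lower rule ID wins when both rules match.
SAMPLE_ACL = """\
acl number 2001
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 deny source 192.168.0.0 0.0.255.255
#
"""

RULE_RE = re.compile(
    r"^\s*rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)\s*$"
)


def parse_basic_acl(text):
    """Return [(rule_id, action, base, wildcard)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # skips 'acl number ...', '#' and blank lines
        rule_id, action, base, wildcard = m.groups()
        rules.append((int(rule_id), action,
                      int(ipaddress.IPv4Address(base)),
                      int(ipaddress.IPv4Address(wildcard))))
    return sorted(rules)  # assumption: evaluation follows ascending rule ID


def evaluate(rules, source_ip):
    """Return (action, rule_id) of the first matching rule, else (None, None)."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for rule_id, action, base, wildcard in rules:
        # Wildcard bit 0 means "must match", bit 1 means "ignore this bit".
        care = ~wildcard & 0xFFFFFFFF
        if (addr & care) == (base & care):
            return action, rule_id
    # No rule matched: the outcome depends on where the ACL is applied.
    return None, None


if __name__ == "__main__":
    acl = parse_basic_acl(SAMPLE_ACL)
    for ip in ("192.168.1.77", "192.168.2.10", "10.0.0.1"):
        print(ip, evaluate(acl, ip))
```

Running the same evaluator over an exported ACL before attaching it to a policy shows which rule a given source address actually hits, which is where overly broad wildcard masks tend to surface.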

Enabling or disabling the Telnet or SSH function on the USG2000&5000
Enable or disable the Telnet or SSH function on the USG2000&5000 as follows:
1. Run the following commands in the CLI to enable or disable the Telnet or SSH function:

    sy
    [USG5100]aaa
    [USG5100-aaa]local-user admin service-type ?
      dot1x     802.1X user
      ftp       FTP user
      ppp       Indicate PPP user
      ssh       SSH user
      telnet    Telnet user
      terminal  Terminal user
      web       Web authentication user
    [USG5100-aaa]local-user admin service-type ssh web telnet

As shown in the preceding method, only the SSH, web, and Telnet services are enabled for the admin account. Services can be enabled as required.
