Method used to process user expiration for the USG6000


The account expiration time can be configured on the device. An expired account cannot be used for login. However, the NGFW does not force online users offline after their accounts expire.
To restore the user account to the active state, prolong the validity period or reset the expiration date to ensure that the user account never expires.
system-view
[sysname] user-manage user test
[sysname-localuser-test] expire-time 2015/12/31
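
Because an expired account is only blocked at login and its existing sessions stay online, it helps to list which local accounts are already past their expiry date so that those sessions can be reviewed. The following is an added example, not Huawei's code: it parses configuration text written in the style of the commands above. The saved-configuration layout, the sample accounts, the treatment of accounts without an expire-time line as never expiring, and the name `audit_expiry` are assumptions.

```python
import re
from datetime import date

# Constructed sample in the style of the commands shown above; the layout of a
# real saved configuration is an assumption.
SAMPLE_CONFIG = """\
user-manage user test
 expire-time 2015/12/31
user-manage user alice
 expire-time 2030/01/15
user-manage user bob
user-manage user vpdnuser domain domain1.com
 expire-time 2016/02/30
"""

USER_RE = re.compile(r"^user-manage user (\S+)(?: domain (\S+))?\s*$")
EXPIRE_RE = re.compile(r"^\s+expire-time (\d{4})/(\d{1,2})/(\d{1,2})\s*$")


def audit_expiry(config_text, today):
    """Return {account: status}; status is 'expired', 'active', 'never' or 'invalid-date'."""
    report = {}
    current = None
    for line in config_text.splitlines():
        m = USER_RE.match(line)
        if m:
            name, domain = m.groups()
            current = f"{name}@{domain}" if domain else name
            report[current] = "never"  # assumption: no expire-time line means no expiry
            continue
        m = EXPIRE_RE.match(line)
        if m and current is not None:
            try:
                expires = date(*map(int, m.groups()))
            except ValueError:
                report[current] = "invalid-date"  # e.g. 2016/02/30
                continue
            # Assumption: the account remains usable through the configured day.
            report[current] = "expired" if today > expires else "active"
        elif line and not line[0].isspace():
            current = None  # an unindented line means we left the user view
    return report


if __name__ == "__main__":
    for account, status in audit_expiry(SAMPLE_CONFIG, date(2016, 1, 1)).items():
        print(f"{account:30} {status}")
```

Accounts reported as expired are the ones whose online sessions need to be checked on the device, since the NGFW will not end them on its own.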

Other related questions:
Method used to process user expiration for the USG2000&5000 series
The account expiration time can be configured on the device. An expired account cannot be used for login. However, the NGFW does not force online users offline after their accounts expire. To activate an expired account, prolong the validity period or set the expiration date to never.
system-view
[sysname] user-manage user test
[sysname-localuser-test] expire-time 2015/12/31

Method used to configure the L2TP user name and password on the USG6000
The L2TP user name and password can be configured as follows:
Configure the L2TP user name and password using the CLI:
1. Set the user name and password (consistent with those set on the LAC), and bind the user with the authentication domain.
a. Configure the authentication domain for the L2TP user.
[LNS] aaa
[LNS-aaa] domain domain1.com
[LNS-aaa-domain-domain1.com] quit
[LNS-aaa] quit
b. Configure the L2TP user.
[LNS] user-manage user vpdnuser domain domain1.com
[LNS-localuser-vpdnuser@domain1.com] password Password1
[LNS-localuser-vpdnuser@domain1.com] quit
2. Enable the L2TP.
[LNS] l2tp enable
3. Create and configure the L2TP group.
[LNS] l2tp-group 1
[LNS-l2tp1] tunnel name LNS
[LNS-l2tp1] allow l2tp virtual-template 1 remote LAC
[LNS-l2tp1] tunnel authentication
[LNS-l2tp1] tunnel password cipher Password1
[LNS-l2tp1] quit
4. Configure the address pool allocated to the user.
[LNS] aaa
[LNS-aaa] domain domain1.com
[LNS-aaa-domain-domain1.com] ip pool 1 192.168.0.2 192.168.0.100
[LNS-aaa-domain-domain1.com] quit
[LNS-aaa] quit
Configure the L2TP user name and password using the web UI:
1. Configure the L2TP user.
a. Choose Object > User > User/Group.
b. Select the default authentication domain.
c. In Member Management, click New and select New User. Configure parameters as follows:
User name: pc1
Password: Password1
Confirm password: Password1
d. Click OK.
2. Configure the L2TP parameters.
a. Choose Network > L2TP > L2TP.
b. In Configure L2TP, select Enable and click Apply.
c. In L2TP Group List, click New.
d. Set Group Type to LNS.
e. Configure the L2TP parameters. The server address shall be in the same network segment as the address in the address pool. In this way, you do not need to configure a route. Peer Tunnel Name must be consistent with Local Tunnel Name configured on the LAC.
Group Type: LNS
Peer Tunnel Name: LAC
Tunnel Password Authentication: Enable
Password Type: Ciphertext
Tunnel password: Hello123
Confirm Tunnel password: Hello123
User Group: default
Set the user address allocation parameters as follows:
Server Address/Subnet Mask: 10.2.1.1/255.255.255.0
User Address Pool: 10.2.1.2-10.2.1.100
f. Click OK.

Method used to process and analyze the CPW_OTU_TEL_PATHMIS alarm
1. Possible causes for the CPW_OTUk_TEL_PATHMIS alarm are as follows:
(1) The optical-layer ASON and electrical-layer ASON are enabled at the same time.
(2) The resource reservation statuses on the source and sink boards are inconsistent.
(3) The resource occupancy statuses on the source and sink boards are inconsistent.
(4) The cross-connection configurations on the source and sink boards are inconsistent.
(5) The networkwide electrical-layer flooding modes are inconsistent.
2. Solutions:
(1) Possible cause 1: If the optical-layer ASON and electrical-layer ASON are enabled at the same time but the electrical-layer ASON is not required, disable the electrical-layer ASON.
(2) Possible cause 2: Confirm with the customer to change the resource reservation statuses to the same.
(3) Possible cause 3: Confirm with the customer to change the resource occupation statuses to the same.
(4) Possible cause 4: Check the channel occupation statuses at both ends of the link. If the link is occupied by static services at one end but is occupied by ASON services at the other end, downgrade ASON services to static services. Check whether the egress channel is idle but the ingress channel is not. If unidirectional cross-connections are residual, delete unidirectional cross-connections or add reversed cross-connections.
(5) Possible cause 5: Change the flooding modes of networkwide electrical-layer links to the same.

Configuring user-based traffic control on the USG6000 series
User-based traffic policies can be configured on the USG6000 series if users are authenticated on the device. If users are authenticated on other devices, user- or account-based traffic control cannot be implemented. The configuration procedure is as follows:
1. Configure a traffic profile and specify the bandwidth resources available for users.
system-view
[sysname] traffic-policy
[sysname-policy-traffic] profile traffic_profile
[sysname-policy-traffic-profile-traffic_profile] bandwidth maximum-bandwidth whole upstream 2000
2. Configure a traffic policy and enable the traffic policy to reference the configured traffic profile.
[sysname-policy-traffic] rule name traffic_rule
[sysname-policy-traffic-rule-traffic_rule] source-zone trust
[sysname-policy-traffic-rule-traffic_rule] destination-zone untrust
[sysname-policy-traffic-rule-traffic_rule] user username user1
[sysname-policy-traffic-rule-traffic_rule] action qos profile traffic_profile

Manually importing SSL VPN users in batches on the USG6000
The procedure for manually importing users and user groups in batches on the USG6000 is as follows:
1. Prepare a CSV file and upload the CSV file to the memory of the NGFW.
a. The CSV file can be obtained in the following ways:
Export a CSV template from the local NGFW or other NGFWs. Fill in user information in the CSV template based on the required format.
Choose Object > User > Import User > Local Import or Object > User > User/Group > Member Management > Import and download a CSV template.
b. Precautions
(1) The file name extension of the CSV file is .csv.
(2) During the import, if the current number of users reaches the maximum value, the import is suspended and imported users are not affected. If an attribute of a user in the CSV file is invalid, this user and subsequent users cannot be imported and imported users are not affected.
(3) After the CSV file is imported successfully, user/group information is imported to the memory. The information is lost after the NGFW restarts. Therefore, save the configuration properly.
(4) In two-node hot backup mode, users imported from a CSV file are not backed up from the primary device to the secondary device. Perform import on both the primary and secondary devices.
2. Run the following commands in the system view:
user-manage user-import csv-file [ auto-create-group | override ]
auto-create-group: If the user group to which a user in the CSV file belongs does not exist on the NGFW, the NGFW automatically creates the user group during the import.
override: If a user in the CSV file already exists on the NGFW, you can enable the NGFW to automatically update the attributes of this user based on the CSV file.
