Method used to disable the interface access function for the USG2000&5000 series on the web UI

2

You can disable the interface login for the USG2000&5000 series as follows:
1. Choose Network > Interface > Interface on the web page.
2. On the interface editing page, deselect Enable Access Management.
This configuration has a higher priority than security policies. After the deselection of Enable Access Management, even you are allowed to access the local zone from the interface locating security zone, as an administrator, you still cannot log in to the device through the interface.

Other related questions:
Method used to disable the interface access function for the USG6000 series on the web UI
You can disable the interface login for the USG6000 series on the web UI as follows: 1. Choose Network > Interface. 2. On the interface editing page, deselect Enable Access Management. This configuration has a higher priority than security policies. After the deselection of Enable Access Management, even you are allowed to access the local zone from the interface locating security zone, as an administrator, you still cannot log in to the device through the interface.

Method for configuring HTTPS login to the web UI of the USG2000&5000
Web login for the USG2000&5000
Operation procedure
Note:
The USG enables HTTP/HTTPS by default.
When you use HTTP for access, the device automatically switches to use HTTPS that is more secure.
1. Enable the HTTP service.
Run the system-view command to enter the system view.
Run the command of web-manager enable [ port port-number ] to enable the HTTP.
On the web browser, log in to the device through the address in the format of http://ip-address:port. The default port is 80.
2. Enable the HTTPS service.
By default, when the client PC logs in to the server using HTTPS, the server will send a default certificate to the client PC.
Run the system-view command to enter the system view.
Run the command of web-manager security enable port port-number to enable HTTPS.
On the web browser of the client PC, log in to the device through the address in the format of http://ip-address:port. The default port is 8443.
3. (Optional) Configure the timeout period for the web service.
Run the command of web-manager timeout minutes to set the web service timeout period.
The default web service timeout period is 10 minutes.
4. (Optional) Configure a web user.
Run the aaa command to enter the AAA view.
Run the command of local-user user-name password { cipher | irreversible-cipher } password to craete a local AAA user.
Run the command of local-user user-name service-type web to set user type to web.
Run the command of local-user user-name level level to specify the user level.
5. Note:
The default user name of admin and password of Admin@123 can be used for login.
To ensure successful login of the web user, you must at least configure the web user permission to level 3.

Task Example
1. Configure the IP address of the USG.
system-view
[USG] interface GigabitEthernet 0/0/1
[USG-GigabitEthernet0/0/1] ip address 10.1.1.1 24
[USG-GigabitEthernet0/0/1] quit
2. Add the interface to the security zone to ensure normal network communication. The detailed procedure is omitted.
3. Enable the web management function.
[USG] web-manager security enable port 2000
4. Configure a web user.
[USG] aaa
[USG-aaa] local-user webuser password irreversible-cipher Admin@123
[USG-aaa] local-user webuser service-type web
[USG-aaa] local-user webuser level 3
5. Configure the PC IP address as 10.1.1.100/24.
Use the PC browser to access https://10.1.1.1:2000. Enter the user name and password to check whether the device can be logged in to.

Requirements on the browser used to log in to the web UI of the USG2000&5000
The web system supports multiple browsers. You can log in to the web system through either Firefox 2.0 (or later versions) or the Internet Explorer 6.0 (or later versions). When logging in to the web UI, note the following points: 1. When you log in to the web system by using the Internet Explorer 8.0 or 9.0, to make sure that contents can be properly displayed on the web page, select ToolsCompatibility View in the menu bar. 2. When you use the Internet Browser, do not set the security level too high; otherwise, the web page cannot be displayed. If you use the web proxy to access the web system, select ToolsInternet Options Advanced on the menu bar, and select Use HTTP 1.1 through proxy connections. Otherwise, the web page cannot be displayed. The previous options are examples from IE 6.0. 3. If you use Firefox, choose Tools OptionsContent on the menu bar and select Enable JavaScript. Then select ToolsOptionsPrivacy and Accept cookies from cites and Accept third-party cookies. Otherwise, the web page cannot be displayed. The previous options are examples from Firefox 3.6. 4. The web platform does not support the backward, forward, refresh buttons on a browser. If you use these buttons, the web page may return to the login page. 5. To ensure the normal display of the page after the version upgrade, you are advised to clear the browser cache and cookies and then access the page. Internet Explorer 6.0 is used as an example. On the menu bar of the Internet Explorer browser, select ToolsInternet Options. In Temporary Internet files on the General tab page, click Delete Cookies. Then click OK. In Temporary Internet files on the General tab page, click Delete Files. Select Delete all offline content and click OK.

Method for changing the web service port of the USG2000&5000 series on the web UI
You can change the web service port number of the USG2000&5000 series on the web UI as follows: 1. Choose System > Administrator > Setting. 2. Select Enable corresponding to HTTP Service or HTTPS Service. 3. Enter the port number in HTTP Service Port or HTTPS Service Port. The default HTTP port number is 80, and the default HTTPS port number is 8443. 4. Click Apply. After logging in to the device using HTTP, you cannot disable the HTTP service or change the HTTP service port. After logging in to the device using HTTPS, you cannot disable the HTTPS service or change the HTTPS service port.

Method for configuring remote login to the web UI of the USG2000&5000 series
The management interface of the firewall has the web login function enabled by default. If you need to log in through other interfaces, enable HTTPS access management at corresponding interfaces.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top