Method used to disable the interface access function for the USG6000 series on the CLI

18

The following example is provided for you to disable the interface login for the USG6000 series on the CLI:
# On GigabitEthernet 1/0/1, configure to prohibit the administrator from accessing the device using HTTP.
system-view
[sysname] interface GigabitEthernet 1/0/1
[sysname-GigabitEthernet1/0/1] service-manage http deny
This configuration has a higher priority than security policies. After the configuration completes, even you are allowed to access the local zone from the interface locating security zone, as an administrator, you still cannot log in to the device through the interface.

Other related questions:
Method used to disable the interface access function for the USG6000 series on the web UI
You can disable the interface login for the USG6000 series on the web UI as follows: 1. Choose Network > Interface. 2. On the interface editing page, deselect Enable Access Management. This configuration has a higher priority than security policies. After the deselection of Enable Access Management, even you are allowed to access the local zone from the interface locating security zone, as an administrator, you still cannot log in to the device through the interface.

Method used to disable the interface access function for the USG2000&5000 series on the web UI
You can disable the interface login for the USG2000&5000 series as follows: 1. Choose Network > Interface > Interface on the web page. 2. On the interface editing page, deselect Enable Access Management. This configuration has a higher priority than security policies. After the deselection of Enable Access Management, even you are allowed to access the local zone from the interface locating security zone, as an administrator, you still cannot log in to the device through the interface.

Configuration of using a non-management interface to manage the USG6000 series on the CLI
To manage the USG6000 series through a non-management interface, you can configure the CLI as follows: # On GigabitEthernet 1/0/1, configure to allow the administrator to access the device using HTTP. system-view [sysname] interface GigabitEthernet 1/0/1 [sysname-GigabitEthernet1/0/1] service-manage http permit This configuration has a higher priority than security policies. After enabling access management on the interface, even if the security policy between the local zone and the interface locating security zone is disabled, as an administrator, you can still log in to the device through the interface.

Method used to disable the DPD function on the USG2000
In the system view, run the undo ike dpd command to disable the DPD function.

Method used to disable the DHCP function on the USG2000 and USG5000
On the USG2000, USG5000, and USG6000, you can disable the DHCP function as follows: On the CLI, enter undo dhcp enable. sys [USG]undo dhcp enable

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top