Method for configuring remote login to the web UI of the USG2000&5000 series

2

The management interface of the firewall has the web login function enabled by default. If you need to log in through other interfaces, enable HTTPS access management at corresponding interfaces.

Other related questions:
Method for configuring HTTPS login to the web UI of the USG2000&5000
Web login for the USG2000&5000
Operation procedure
Note:
The USG enables HTTP/HTTPS by default.
When you use HTTP for access, the device automatically switches to use HTTPS that is more secure.
1. Enable the HTTP service.
Run the system-view command to enter the system view.
Run the command of web-manager enable [ port port-number ] to enable the HTTP.
On the web browser, log in to the device through the address in the format of http://ip-address:port. The default port is 80.
2. Enable the HTTPS service.
By default, when the client PC logs in to the server using HTTPS, the server will send a default certificate to the client PC.
Run the system-view command to enter the system view.
Run the command of web-manager security enable port port-number to enable HTTPS.
On the web browser of the client PC, log in to the device through the address in the format of http://ip-address:port. The default port is 8443.
3. (Optional) Configure the timeout period for the web service.
Run the command of web-manager timeout minutes to set the web service timeout period.
The default web service timeout period is 10 minutes.
4. (Optional) Configure a web user.
Run the aaa command to enter the AAA view.
Run the command of local-user user-name password { cipher | irreversible-cipher } password to craete a local AAA user.
Run the command of local-user user-name service-type web to set user type to web.
Run the command of local-user user-name level level to specify the user level.
5. Note:
The default user name of admin and password of Admin@123 can be used for login.
To ensure successful login of the web user, you must at least configure the web user permission to level 3.

Task Example
1. Configure the IP address of the USG.
system-view
[USG] interface GigabitEthernet 0/0/1
[USG-GigabitEthernet0/0/1] ip address 10.1.1.1 24
[USG-GigabitEthernet0/0/1] quit
2. Add the interface to the security zone to ensure normal network communication. The detailed procedure is omitted.
3. Enable the web management function.
[USG] web-manager security enable port 2000
4. Configure a web user.
[USG] aaa
[USG-aaa] local-user webuser password irreversible-cipher Admin@123
[USG-aaa] local-user webuser service-type web
[USG-aaa] local-user webuser level 3
5. Configure the PC IP address as 10.1.1.100/24.
Use the PC browser to access https://10.1.1.1:2000. Enter the user name and password to check whether the device can be logged in to.

Method for configuring remote login to the web UI of the USG6000 series
The management interface of the firewall has the web UI login function enabled by default.

Retrieving the web UI login password on the USG2000&5000
Retrieve the web UI login password on the USG2000&5000 as follows: In this case, you need to log in to the device through Telnet or console port. The operations are as follows (with user1 being the user that has forgotten the password): Login authentication Username:admin Password:********** Note: The max number of VTY users is 5, and the current number of VTY users on line is 1. NOTICE:This is a private communication system. Unauthorized access or use may lead to prosecution. system-view [USG] aaa [USG-aaa] local-user user1 password cipher password@123 //Indicates re-setting the password of account user1.

Configuring a remote login mode for the USG2000&5000
Configure a remote login mode for the USG2000&5000 as follows: 1. Log in to the device through SSH. Through the configuration, users log in to the device through SSH to configure and management the device. Note: In hot standby networking, SSH configuration commands are not synchronized from the active device to the standby device. You must configure SSH on both devices. Procedure: a. Set IP addresses for interfaces. system-view [USG] interface GigabitEthernet 0/0/1 [USG-GigabitEthernet0/0/1] ip address 10.1.1.1 255.255.255.0 [USG-GigabitEthernet0/0/1] quit b. Create SSH user Client001. Configure the VTY user interface. [USG] user-interface vty 0 4 [USG-ui-vty0-4] authentication-mode aaa [USG-ui-vty0-4] protocol inbound ssh [USG-ui-vty0-4] quit Create SSH user Client001. Create SSH user Client001 and set the authentication mode to password authentication. [USG] ssh user client001 [USG] ssh user client001 authentication-type password Set the password to Admin@123 for SSH user Client001. [USG] aaa [USG-aaa] local-user client001 password irreversible-cipher Admin@123 [USG-aaa] local-user client001 service-type ssh [USG-aaa] quit c. Set the service to STelnet for SSH users Client001 and Client002 and enable the STelnet service. [USG] ssh user client001 service-type stelnet [USG] stelnet server enable d. Run the client software that supports SSH and establish an SSH connection. 2. Log in to the device through Telnet. Through the configuration, users log in to the device through Telnet to configure and management the device. Note: Port 23 and Telnet are enabled on the USG by default. Users can run the undo telnet server enable command to disable port 23 and Telnet. Procedure: a. Access the USG user view through the console interface. b. Set IP addresses for interfaces. The local user access GigabitEthernet0/0/1 of the USG through Telnet, the interface IP address is 10.10.10.10, and subnet mask is 255.0.0.0. system-view [USG] interface GigabitEthernet 0/0/1 [USG-GigabitEthernet0/0/1] ip address 10.10.10.10 255.0.0.0 [USG-GigabitEthernet0/0/1] quit c. Configure user information. Configure the authentication mode to AAA for the VTY interface, and set the Telnet user name to user1, password to password@123, password storage mode to cipher, and level to level 3. system-view [USG] user-interface vty 0 4 [USG-ui-vty0-4] authentication-mode aaa [USG-ui-vty0-4] protocol inbound telnet [USG-ui-vty0-4] quit [USG] aaa [USG-aaa] local-user user1 password irreversible-cipher password@123 [USG-aaa] local-user user1 service-type telnet [USG-aaa] local-user user1 level 3 d. Run the Telnet program on a PC (Windows). Choose Start > Run on the PC. In the Run window, enter telnet 10.10.10.10 (to connect interface IP address 10.10.10.10). e. Click OK to connect to the USG.

Method for changing the web service port of the USG2000&5000 series on the web UI
You can change the web service port number of the USG2000&5000 series on the web UI as follows: 1. Choose System > Administrator > Setting. 2. Select Enable corresponding to HTTP Service or HTTPS Service. 3. Enter the port number in HTTP Service Port or HTTPS Service Port. The default HTTP port number is 80, and the default HTTPS port number is 8443. 4. Click Apply. After logging in to the device using HTTP, you cannot disable the HTTP service or change the HTTP service port. After logging in to the device using HTTPS, you cannot disable the HTTPS service or change the HTTPS service port.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top