Enabling the access management function on the USG2000&5000

10

Enable the management function on the USG2000&5000 as follows:
sys
[USG5100]int g0/0/1
[USG5100-GigabitEthernet0/0/1]service-manage ?/ Enable access management under the physical interface.
all ALL service
enable Service manage switch on/off
http HTTP service
https HTTPS service
ping Ping service
snmp SNMP service
ssh SSH service
telnet Telnet service
[USG5100-GigabitEthernet0/0/1]qu

[USG5100]int vlanif 100
[USG5100-Vlanif100]service-manage ? /Enable access management under the VLANIF interface.
all ALL service
enable Service manage switch on/off
http HTTP service
https HTTPS service
ping Ping service
snmp SNMP service
ssh SSH service
telnet Telnet service
[USG5100-Vlanif100]qu

Other related questions:
Enabling or disabling the Telnet or SSH function on the USG2000&5000
Enable or disable the Telnet or SSH function on the USG2000&5000 as follows: 1. Run the following commands in the CLI to enable or disable the Telnet or SSH function: sy [USG5100]aaa [USG5100-aaa]local-user admin service-type ? dot1x 802.1X user ftp FTP user ppp Indicate PPP user ssh SSH user telnet Telnet user terminal Terminal user web Web authentication user [USG5100-aaa]local-user admin service-type ssh web telnet As shown in the preceding method, only the SSH, web, and Telnet services are enabled for the admin account. Services can be enabled as required.

Enabling security policies on the USG2000&5000
The operation for enabling the security policy on the USG2000/5000 is as follows: Search for Typical Configuration Examples > Security Policy in USG2200/5000 Product Documentation.

Whether the USG2000&5000 support the Telnet function
By default, the USG2000&5000 have the Telnet function enabled, and users can directly use the initial administrator account admin to log in to the device.

Enabling IP spoofing attack defense on the USG2000&5000 series
The USG2000&5000 looks up the routing table for the outgoing interfaces of reverse traffic destined to the source. If the incoming interface of the traffic and the outgoing interface of the reverse traffic are different, the packets are considered IP spoofing packets and discarded. Run the firewall defend ip-spoofing enable command to enable IP spoofing attack defense.

Method used to disable the interface access function for the USG2000&5000 series on the web UI
You can disable the interface login for the USG2000&5000 series as follows: 1. Choose Network > Interface > Interface on the web page. 2. On the interface editing page, deselect Enable Access Management. This configuration has a higher priority than security policies. After the deselection of Enable Access Management, even you are allowed to access the local zone from the interface locating security zone, as an administrator, you still cannot log in to the device through the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top