Configuring the USG2000&5000 to allow only login through SSH from the extranet


Configure the USG2000&5000 to allow only login through SSH from the extranet as follows:
Configuration roadmap:
1. Create an SSH user on the USG.

2. Generate a local key pair on the USG.

3. Enable the STelnet/SFTP service on the USG.

4. Log in to the USG through the client.

Other related questions:
Configuring SSH on the USG2000&5000
Configure SSH on the USG2000&5000 as follows:
Configuration roadmap: USG_A serves as the client, and USG_B as the SSH server.
1. Create an SSH user on USG_B.

2. Generate a local key pair on USG_B.

3. Enable the STelnet/SFTP service on USG_B.

4. Log in to USG_B through USG_A on the client.

Changing the Telnet/SSH login timeout period on the USG2000&5000&6000
Change the Telnet/SSH login timeout period on the USG2000&5000&6000 as follows: Set the login timeout period for the Telnet/SSH user.
For example: Set the login timeout period for the Telnet user to 1 minute and 30 seconds.

    system-view
    [sysname] user-interface vty 0 4
    [sysname-ui-vty0-4] idle-timeout 1 30

Setting the SSH password on the USG2000&5000
Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication.
1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH.

2. Configure the connection number limit on the VTY administrator interface.

3. Set the administrator account and password for login through SSH.

    system-view
    [sysname] ssh user admin1
    [sysname] ssh user admin1 authentication-type password
    [sysname] aaa
    [sysname-aaa] local-user admin1 password cipher *********
    [sysname-aaa] local-user admin1 service-type ssh
    [sysname-aaa] local-user admin1 level 3
    [sysname-aaa] local-user admin1 access-limit 1

4. Enable the STelnet service on the device.

5. Set the client service mode of the SSH account to STelnet.
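
The per-account settings from step 3 can be checked offline against a saved configuration. The following Python script is an added example, not Huawei tooling or part of the original page; the function name audit_ssh_users, the sample text and the admin2 account are constructed for illustration, and the script parses only the command forms shown above.

```python
import re

# Constructed sample (not from a real device), built from the command forms
# above. "service-type telnet ssh" on admin2 is an assumed deviation to report.
SAMPLE_CONFIG = """\
ssh user admin1
ssh user admin1 authentication-type password
ssh user admin2
ssh user admin2 authentication-type password
aaa
 local-user admin1 password cipher EXAMPLE-PLACEHOLDER
 local-user admin1 service-type ssh
 local-user admin1 level 3
 local-user admin1 access-limit 1
 local-user admin2 password cipher EXAMPLE-PLACEHOLDER
 local-user admin2 service-type telnet ssh
"""

SSH_USER = re.compile(r"ssh user (\S+)(?: authentication-type (\S+))?")
LOCAL_USER = re.compile(r"local-user (\S+) (password|service-type|level|access-limit)\s+(.+)")

def audit_ssh_users(config):
    """Return {ssh_user: [findings]}; an empty list means step 3 is fully applied."""
    users, auth, attrs = [], {}, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := SSH_USER.fullmatch(line):
            if m.group(1) not in users:
                users.append(m.group(1))
            if m.group(2):
                auth[m.group(1)] = m.group(2)
        elif m := LOCAL_USER.fullmatch(line):
            attrs.setdefault(m.group(1), {})[m.group(2)] = m.group(3).split()
    report = {}
    for user in users:
        a, issues = attrs.get(user, {}), []
        if user not in auth:
            issues.append("no authentication-type set")
        elif auth[user] == "password" and "password" not in a:
            issues.append("no local-user password under aaa")
        extra = set(a.get("service-type", [])) - {"ssh"}
        if "ssh" not in a.get("service-type", []):
            issues.append("service-type does not include ssh")
        elif extra:
            issues.append("service-type also allows: " + ", ".join(sorted(extra)))
        issues += [f"no {key} set" for key in ("level", "access-limit") if key not in a]
        report[user] = issues
    return report
```

Calling audit_ssh_users(SAMPLE_CONFIG) returns an empty finding list for admin1 and three findings for admin2: the extra telnet service type, the missing level and the missing access-limit.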

Configuring a policy to allow port access through the CLI of the USG2000&5000
On the CLI of the USG2000&5000 series, configure a security policy, set the condition to source port and the action to permit.

Login through a WAN interface to the USG2000&5000 series
To log in to the USG2000&5000 series from a WAN interface, do as follows: On the WAN interface editing page, select Enable access management, and select HTTP and HTTPS to allow users to access the interface through HTTP and HTTPS to manage the device.
