Whether the USG2000&5000&6000 support specifying source addresses for Telnet


The USG2000&5000&6000 series does not support specifying a source address when telnetting to other devices. The local address used for telnetting to another device is the IP address of the outbound interface toward the destination address.

Other related questions:
Whether the USG2000&5000&6000 support reflective ACLs
The USG6650 and USG5120 do not support reflective ACLs for now.

Configuring telnetting to other devices on the USG2000&5000&6000
Configure telnetting to other devices on the USG2000&5000&6000 as follows:

To manage other intranet devices using the firewall as a jump host, proceed as follows:

14:33:04  2011/03/26 
Trying ... 
Press CTRL+T to abort

In this way, you can perform operations on other devices.

Whether the USG2000&5000 support the Telnet function
By default, the USG2000&5000 have the Telnet function enabled, and users can directly use the initial administrator account admin to log in to the device.

Disabling the Telnet or SSH service on the USG2000&5000&6000
Perform the following steps to disable the Telnet or SSH service on the USG2000&5000&6000:
1.  Disable the Telnet service.
<USG> system-view
Enter system view, return user view with Ctrl+Z.
[USG] undo telnet server enable

2.  Disable the SSH service.
<USG> system-view
Enter system view, return user view with Ctrl+Z.
[USG] undo stelnet server enable

Restricting the administrator to access the USG2000&5000&6000 through a fixed source address
Configure the USG2000&5000&6000 to restrict the administrator to access through a fixed source address as follows:

Set the VTY authentication mode to AAA on the USG to allow login of only a certain IP address:

<USG6600> system-view
[USG6600] acl 3000
[USG6600-acl-adv-3000] rule permit ip source 0 // allowed only.
[USG6600-acl-adv-3000] quit
[USG6600] user-interface vty 0 4
[USG6600-ui-vty0-4] authentication-mode aaa
[USG6600-ui-vty0-4] acl 3000 inbound //The ACL here is deny by default.
[USG6600-ui-vty0-4] quit

After the preceding configurations, only addresses for which the action is permit in ACL 3000 or specific source addresses can telnet to the firewall.
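
To check an exported configuration against the two hardening steps above (Telnet service disabled, VTY lines bound to an inbound ACL with AAA authentication), the following added example audits a configuration file offline. It is not Huawei's code; the sample configuration, the address 192.0.2.10, the finding names, and the assumption that a saved configuration indents view sub-commands by one space are all constructed for illustration.

```python
import re

# Constructed sample of a saved configuration, not taken from a real device.
# Assumption: sub-commands of a view are indented under the command that opens it.
SAMPLE_CONFIG = """\
telnet server enable
acl number 3000
 rule 5 permit ip source 192.0.2.10 0
user-interface vty 0 4
 acl 3000 inbound
 authentication-mode aaa
user-interface vty 16 20
 authentication-mode password
"""

def parse_sections(text):
    """Group indented lines under the unindented command that opens the view."""
    sections, current = [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "#":
            continue  # skip blank lines and '#' section separators
        if raw[0].isspace() and current is not None:
            current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            sections.append(current)
    return sections

def audit(text):
    """Return (location, finding) pairs for remote-management weaknesses."""
    sections = parse_sections(text)
    headers = [h for h, _ in sections]
    defined = {m.group(1) for h in headers
               if (m := re.fullmatch(r"acl (?:number )?(\d+)", h))}
    findings = []
    if "telnet server enable" in headers:  # 'undo telnet server enable' does not match
        findings.append(("global", "telnet-enabled"))
    for header, body in sections:
        if not header.startswith("user-interface vty"):
            continue
        acls = [m.group(1) for line in body
                if (m := re.fullmatch(r"acl (\d+) inbound", line))]
        if not acls:
            findings.append((header, "no-inbound-acl"))
        findings.extend((header, "acl-undefined") for a in acls if a not in defined)
        if "authentication-mode aaa" not in body:
            findings.append((header, "auth-not-aaa"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

A VTY range that references an ACL number with no matching definition is reported separately, since the restriction then depends on a rule set that is not in the file.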

