Configuring a trusted host for an administrator account

10

By binding an administrator account to an ACL, you can strictly control the login IP address of the administrator and forbid other non-specified IP addresses to log in to the device.
1. Configure a trusted host for the administrator.
[sysname] acl 2001
[sysname-acl-basic-2001] rule permit source 10.3.0.0 0.0.0.255
[sysname-acl-basic-2001] quit

2. Bind the administrator account named abc to trusted host.
[sysname] aaa
[sysname-aaa] manager-user abc
[sysname-aaa-manager-user-abc] acl-number 2001

Other related questions:
Configuring a USG trusted host
The USG2000&5000&6000 trusted hosts are described and configured as follows: Trusted host: Specifies the range of host IP addresses. The format is IP address/mask, for example, 10.1.1.1/24 or 10.1.1.1/255.255.255.0. A maximum of 10 hosts can be configured. Adding a host: Choose System > Admin > Administrators, click Add or Modify on the right of the created administrator, and enter the address of the trusted host. - The configuration method using the CLI on the USG6000 is as follows: system-view Enter system view, return user view with Ctrl+Z. [USG6600]acl 2000 [USG6600-1-acl-basic-2000]rule 5 permit source 1.100.1.1 0 [USG6600-acl-basic-2000]rule 10 deny [USG6600-acl-basic-2000]quit [USG6600]aaa [USG6600-aaa]manager-user admin [USG6600-aaa-manager-user-admin]acl-number 2000 - The configuration method using the CLI on the USG2000&5000 is as follows: system-view Enter system view, return user view with Ctrl+Z. [USG2000]acl 2000 [USG2000-1-acl-basic-2000]rule 5 permit source 1.100.1.1 0 [USG2000-acl-basic-2000]rule 10 deny [USG2000-acl-basic-2000]quit [USG2000]aaa [USG2000-aaa]local-user admin acl-number 2000

What is the default administrator account
The NGFW provides two default accounts. -System administrator account admin and password Admin@123: You can use this account to log in to the device through console or web UI for first login. -Audit administrator account audit-admin and password Admin@123: This account is for configuring audit policies and viewing audit logs only.

Changing the password for an administrator account on FusionAccess
The procedure for changing the password for an administrator account on FusionAccess is as follows: 1. Log in to the FusionAccess system. 2. Choose System > Initial Configuration > Domain/OU. 3. On the Domain/OU page, locate the row containing the domain whose configuration information is to be modified, and click the Modify icon. 4. Enter the password of the administrator account. 5. Click OK. ----End

Default administrator account of the USG6000 series
The NGFW provides two default accounts: - System administrator account: admin/Admin@123. For the first time, you can use this account to log in to the USG6000 through the console port or web UI. - Auditor account: audit-admin/Admin@123. This account can be used to configure audit policies and view audit logs.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top