Configuring a trusted host for an administrator account

28

By binding an administrator account to an ACL, you can strictly control the login IP address of the administrator and forbid other non-specified IP addresses to log in to the device.
1. Configure a trusted host for the administrator.
[sysname] acl 2001
[sysname-acl-basic-2001] rule permit source 10.3.0.0 0.0.0.255
[sysname-acl-basic-2001] quit

2. Bind the administrator account named abc to trusted host.
[sysname] aaa
[sysname-aaa] manager-user abc
[sysname-aaa-manager-user-abc] acl-number 2001

Other related questions:
Default administrator account of the USG6000 series
The NGFW provides two default accounts: - System administrator account: admin/Admin@123. For the first time, you can use this account to log in to the USG6000 through the console port or web UI. - Auditor account: audit-admin/Admin@123. This account can be used to configure audit policies and view audit logs.

What is the default administrator account
The NGFW provides two default accounts. -System administrator account admin and password Admin@123: You can use this account to log in to the device through console or web UI for first login. -Audit administrator account audit-admin and password Admin@123: This account is for configuring audit policies and viewing audit logs only.

Configuring a USG trusted host
The USG2000&5000&6000 trusted hosts are described and configured as follows: Trusted host: Specifies the range of host IP addresses. The format is IP address/mask, for example, 10.1.1.1/24 or 10.1.1.1/255.255.255.0. A maximum of 10 hosts can be configured. Adding a host: Choose System > Admin > Administrators, click Add or Modify on the right of the created administrator, and enter the address of the trusted host. - The configuration method using the CLI on the USG6000 is as follows: system-view Enter system view, return user view with Ctrl+Z. [USG6600]acl 2000 [USG6600-1-acl-basic-2000]rule 5 permit source 1.100.1.1 0 [USG6600-acl-basic-2000]rule 10 deny [USG6600-acl-basic-2000]quit [USG6600]aaa [USG6600-aaa]manager-user admin [USG6600-aaa-manager-user-admin]acl-number 2000 - The configuration method using the CLI on the USG2000&5000 is as follows: system-view Enter system view, return user view with Ctrl+Z. [USG2000]acl 2000 [USG2000-1-acl-basic-2000]rule 5 permit source 1.100.1.1 0 [USG2000-acl-basic-2000]rule 10 deny [USG2000-acl-basic-2000]quit [USG2000]aaa [USG2000-aaa]local-user admin acl-number 2000

Changing the password for an administrator account on FusionAccess
The procedure for changing the password for an administrator account on FusionAccess is as follows: 1. Log in to the FusionAccess system. 2. Choose System > Initial Configuration > Domain/OU. 3. On the Domain/OU page, locate the row containing the domain whose configuration information is to be modified, and click the Modify icon. 4. Enter the password of the administrator account. 5. Click OK. ----End

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top