Searching the profile location on USG firewalls

2

1. The current directory of the profile on the USG firewall is as follows:
HRP_Adir /View the current directory.
10:08:18 2015/04/22
Directory of hda1:/
Idx Attr Size(Byte) Date Time FileName
10 -rw- 9149 Feb 27 2015 15:23:58 vrpcfg.zip /Location of the profile
11 -rw- 32768 Apr 21 2015 13:39:10 userinfo.db
12 -rw- 1268 Feb 10 2015 12:18:30 hostkey
13 -rw- 548 Feb 10 2015 12:18:30 serverkey
1179680 KB total (576896 KB free)

2. If the profile does not exist in the current directory, run the cd + directory command to redirect to the directory where the profile is saved, and run the dir command to view the content in the current directory.
cd flash: /Change the directory.
dir /View the current directory.
Directory of flash:/

0 -rw- 43046824 Aug 19 2014 16:39:41 sup.bin
1 -rw- 0 Aug 19 2014 17:02:39 patchnpstate.dat
2 -rw- 37 Apr 10 2015 08:42:15 private-data.txt
3 -rw- 4648 Apr 07 2015 10:48:53 vrpcfg.zip /Location of the profile
4 -rw- 7526 Dec 12 2014 16:39:09 vrpcfg11.cfg
5 -rw- 512 Jan 28 2015 10:50:26 runmode.ini

57277 KB total (15220 KB free)

Other related questions:
Saving a file to a specified path on the firewall
Save the configuration file to a specified directory as follows: Method 1: 1. cd flash:/Access the Flash directory. 2. mkdir test/Create the test directory (folder). Info: Create directory flash:/test......Done. 3. cd test/Access the test directory. 4. save configuration.zip/Save the configuration to configuration.zip. Are you sure to save the configuration to flash:/test/configuration.zip?[Y/N]:y Now saving the current configuration to the device. 2015-04-22 17:52:46 Firewall %%01CFM/4/SAVE_FILE(l): When deciding whether to save con figuration to the file flash:/test/configuration.zip, the user chose Y... Info: Save the current config to flash:/test/configuration.zip successfully 5. dir/Display the configuration file saved under the test directory. 17:52:49 2015/04/22 Directory of flash:/test/ 0 -rw- 1009 Apr 22 2015 17:52:47 configuration.zip/Saved configuration file. 31248 KB total (31104 KB free) Method 2: 1. save flash:/test/conf.zip /Save configuration file conf.zip to Flash:/test. Are you sure to save the configuration to flash:/test/conf.zip?[Y/N]:y Now saving the current configuration to the device. 2015-04-22 17:58:25 Firewall %%01CFM/4/SAVE_FILE(l): When deciding whether to save con figuration to the file flash:/test/conf.zip, the user chose Y... Info: Save the current config to flash:/test/conf.zip successfully 2. dir /Displays the file under the Flash directory. 17:58:29 2015/04/22 Directory of flash:/ 0 -rw- 61 Apr 22 2015 17:58:26 private-data.txt 1 drw- - Apr 22 2015 17:45:08 ceshi 2 -rw- 2243 Apr 22 2015 17:49:56 vrpcfg.cfg 3 drw- - Apr 22 2015 17:52:16 test /Directory for saving the configuration file. 31248 KB total (31088 KB free) 3. cd test /Access the test directory. 4. dir /Display files under the test directory. 17:58:35 2015/04/22 Directory of flash:/test/ 0 -rw- 1009 Apr 22 2015 17:52:47 configuration.zip 1 -rw- 991 Apr 22 2015 17:58:26 conf.zip /Saved configuration file. 31248 KB total (31088 KB free)

USG firewall security association
USG firewall security association What is security association (SA)? The IPSec SA is a unidirectional logical connection created for security purposes. The SA is bidirectional and requires an IPSec SA in each direction. The number of SAs depends on the security protocol. If either the AH or ESP is used to protect traffic between peers, two SAs, one in each direction, exist between the peers. If both the AH and the ESP are used, four SAs, two in each direction corresponding to the AH and the ESP, exist between the peers. Therefore, an IPSec SA is not equivalent to a connection. The IPSec SA is uniquely identified by a triplet. The triplet includes the following elements: Security Parameter Index (SPI) The SPI is a 32-bit value that is generated to uniquely identify an SA. The SPI is carried in the AH and ESP headers. The SPI, destination IP address, and security protocol number uniquely identify an IPSec SA. Destination IP address Security protocol number (AH or ESP) Creation mode The IPSec SA is classified into two types: SA that is manually created and SA that is created by means of IKE automatic negotiation (isakmp). Major differences between two types of SAs are as follows: Different key generation modes In manual mode, all parameters required by the IPSec SA, including encryption and verification keys, are manually configured or manually updated. In IKE mode, encryption and verification keys required by the IPSec SA are generated by the DH algorithm and can be dynamically updated. The key management cost is low and the security is high. Different IPSec SA lifetime In manual mode, once an IPSec SA is created, it permanently exists. In IKE mode, the IPSec SA establishment is triggered by the data flow, and the SA lifetime is controlled by lifetime parameters configured on both ends.

USG firewall configuration saving
If the configuration is not saved or fails to be saved, it is lost. You can save the configuration files on USG firewalls as follows: 1. CLI save //Save the input information.// 11:36:31 2015/03/04 The current configuration will be written to the device. Are you sure you want to continue?[Y/N]y //Click Y to configure the saving.// Now saving the current configuration to the device............................................ Info: The current configuration was saved to the device successfully. 2. Web UI: Click the Save button in the upper right corner on the web UI. In the displayed window, click Overwrite the profile used for next boot and then click OK.

Method used to view the enabled profile of the USG2000 and USG5000 firewalls
Run the display startup command to view the profiles used for the current boot and the next boot. display startup MainBoard: Configed startup system software: flash:/sup.bin Startup system software: flash:/sup.bin Next startup system software: flash:/sup.bin Startup saved-configuration file: flash:/vrpcfg.zip Next startup saved-configuration file: flash:/vrpcfg.zip Next startup configuration: backup-configuration Startup saved-configuration file/Profile used for the current boot Next startup saved-configuration file/Profile used for the next boot

RIP configuration of USG firewalls
Configure the RIP on the USG2000 or USG5000 as follows: 1. Run the system-view command to enter the system view. 2. Run the rip [ process-id ] command to enable the RIP route process and enter the RIP view. If the RIP commands are configured in the interface view before the RIP is enabled, the configuration only takes effect after the RIP is enabled. 3. Run the network network-address command to enable the RIP in the specified network segment. The RIP runs only at the interface in the specified network segment. For other interfaces, the RIP does not receive and send routes or does not forward the interface route. Therefore, after the RIP is enabled, you must specify the network segment. The network-address indicates the address in the natural network segment. By default, the RIP is disabled at all interfaces after it is enabled. Note: The RIP does not support different addresses specified for different RIP processes of the same physical interface. 4. By default, the interface receives RIP-1 and RIP-2 packets but sends only RIP-1 packets. When the interface version is RIP-2, you can specify the packet sending mode. If the RIP version is not configured for the interface, the global version shall prevail. Configure the global RIP version by running the version { 1 | 2 } command. Configure the RIP version for the interface. a. Run the system-view command to enter the system view. b. Run the interface interface-type interface-number command to enter the interface view. c. Run the rip version { 1 | 2 [ broadcast | multicast ] } command to specify the RIP version of the interface.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top