Manually importing SSL VPN users in batches on the USG6000

19

The procedure for manually importing users and user groups in batches on the USG6000 is as follows:

1. Prepare a CSV file and upload the CSF file to the memory of the NGFW.
a. The CSV file can be obtained in the following ways:
Export a CSV template from the local NGFW or other NGFWs. Fill in user information in the CSV template based on the required format.
Choose Object > User > Import User > Local Import or Object > User > User/Group > Member Management > Import and download a CSV template.
b Precautions
(1) The file name extension of the CSV file is .csv.
(2) During the import, if the current number of users reaches the maximum value, the import is suspended and imported users are not affected. If an attribute of a user in the CSV file is invalid, this user and subsequent users cannot be imported and imported users are not affected.
(3) After the CSV file is imported successfully, user/group information is imported to the memory. The information is lost after the NGFW restarts. Therefore, save the configuration properly.
(4) In two-node hot backup mode, users imported from a CSV file are not backed up from the primary device to the secondary device. Perform import on both the primary and secondary devices.

2. Run the following commands in the system view:

user-manage user-import csv-file [ auto-create-group | override ]
auto-create-group
If the user group to which a user in the CSV file belongs does not exist on the NGFW, the NGFW automatically creates the user group during the import.
Override
If a user in the CSV file already exists on the NGFW, you can enable the NGFW to automatically update the attributes of this user based on the CSV file.

Other related questions:
Importing SSL VPN users to the USG6000 from the server
The procedure for importing users and user groups from the server is as follows: You can import user, user group, and security group information on the server to the NGFW to reduce the manual operation workload. Prerequisites Before importing users, user groups, and security groups from the server, finish the following task: Configure the AD, Lightweight Directory Access Protocol (LDAP), or TSM server. Procedure: 1. Create an AD, LDAP, or TSM server import policy in the system view and access the server import policy view. user-manage import-policy policy-name from { ad | ldap | tsm } 2. Configure a server template. server template template-name The server template defines the parameters used by the NGFW to communicate with the AD, LDAP, or TSM server. The server template must exist and match the authentication server type specified in the server import policy. 3. Configure the start position for importing user, user group, and security group information from the authentication server. server basedn basedn The start position is composed of the server domain name and user group name. The format is: ou=level-N user group,…�?ou=level-2 user group,ou=level-1 user group,dc=level-N domain name,…�?dc=level-2 domain name,dc=level-1 domain name. 4. (Optional) Configure the import type. import-type { all | group | security-group | user | user-group | user-security-group } The import type can be: all: all information group: user group information security-group: security group information user: user information user-group: user and user group information user-security-group: user and security group information 5. (Optional) Configure the user group on the NGFW to which user and user group information is to be imported. destination-group group-name 6. Configure the security group on the NGFW to which user information is to be imported. destination-security-group security-group-name 7. (Optional) Configure the import interval. time-interval time-interval 8. (Optional) Allow users, user groups, and security groups on the authentication server to override those with the same name on the NGFW. import-override enable 9. (Optional) Configure filtering parameters. The filtering parameters take effect only to the AD and LDAP servers. Follow-up processing After creating a server import policy, run execute user-manage import-policy policy-name to import user, user group, and security group information on the server to the NGFW.

Locking out SSL VPN users on the USG6000
user-manager user user-name state block //Lock out users. state active //Cancel locking out users.

USG2000 & 5000 Import SSL VPN users from the server
Refers to the bulk import user support for local import and server import. Local import supports CSV format files; server import supports AD server, LDAP server, and TSM server import. Import users in bulk from CSV format files 1. Select "User> Internet User> User Import". 2. Select the Local Import tab. 3. In CSV Format File Import, click CSV Template to download the CSV template to the Administrator PC. 4. Read the comment text in the CSV template carefully, fill in the user information that needs to be imported, and edit the CSV format file. 5. In CSV Format File Import, click Browse, select the pre-edited CSV format file, and click Open. 6. Select the parameters in turn. 7. Click Start Import. Import users from the authentication server on a batch basis.The device only supports bulk import of users from AD, LDAP, and TSM servers. Among them, LDAP server only supports AD and Open LDAP two types. The import type supports the following: Import only users Import only the organizational unit User and organizational unit Import only security groups Use only import security groups. After you create a new server import policy, you must perform an import policy to import users (groups) on the authentication server to the device. 1. Select "User> Internet User> User Import". 2. Select the Server Import tab. 3. Click New. 4. Select or enter the parameters in turn. 5. Click Apply. If the operation is successful, a new server import policy will be added to the Server Import Policy List. 6. In the Server Import Policy List, click the row where the policy was created. 7. In the confirmation dialog box that is displayed, click Yes to immediately execute the import policy and import the user (group) information from the corresponding authentication server.

How does USG6000 freeze SSL VPN users
user-manager user user-name state block //freeze state active //To freeze

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top