USG2000 & 5000 & 6000 Configure the SNMP community name


For NGFW, configure the SNMP community name as follows:

snmp-agent community
Use the snmp-agent community command to set the community access name of SNMPv1 and SNMPv2c and the corresponding MIB view and access control list.

Command format
snmp-agent community {read | write} community-name [mib-view view-name | acl acl-number] *

# Set the community name to Comaccess & 123, and the access is read-only.
System-view [sysname] snmp-agent community read Comaccess & 123 # Set the community name to Mgr & 1234 and access to read and write.
System-view [sysname] snmp-agent community write Mgr & 1234 # delete community name Comaccess & 123.
System-view [sysname] undo snmp-agent community Comaccess & 123

Other related questions:
The USG2000 & 5000 & 6000 series is configured with port mirroring.
Note: Enabling the port mirroring feature helps to locate the network, but because the function may affect the performance of the device to a certain extent, use it with caution. After the network problem is finished, turn off port mirroring. To prevent the problem that the mirroring packets can not be received due to the different transmission rate of the interface, make sure that the transmission rate of the observing port and the mirroring port are the same. Steps 1. Run the system-view command to enter the system view. 2, the implementation of the command observing-port observing-port, configure the observation port. The observing port is a non-service interface for transmitting traffic packets that are mirrored to the port. You can observe the packets passing through the corresponding port through the observing port. Run the port-mirroring mirroring-port {both | inbound | outbound} observing-port [acl-number acl-number] command to enable port mirroring. The mirroring port is a service port for sending and receiving service packets. Before you enable port mirroring, the corresponding observing port must already be configured with the observing-port command.

Configuring a MAC address-based ACL on the USG2000&5000&6000
1. Run the system-view command to access the system view. 2. Run the acl [ number ] acl-number command to create a MAC address-based ACL and access the ACL view. An ACL whose number ranges from 4000 to 4999 is a MAC address-based ACL. 3. (Optional) Run the description text command to configure a description for the ACL. Appropriate descriptions of ACLs help you to further manage the ACLs. 4. (Optional) Run the step step-value command to configure an ACL step. The default value is 5. After you set a step for the ACL, the system can automatically assign rule IDs if you do not specify the rule IDs. The automatically assigned rule IDs are multiple of the step in ascending order. The step allows you to insert rules between two rules. You can set a step for an ACL only when no rule is configured for the ACL. After you configure an ACL rule, you are not allowed to change the step. 5. Run the rule [ rule-id ] { permit | deny } [ cos cos | dest-mac destination-address destination-mac-wildcard | source-mac source-address source-mac-wildcard | type { type-code | type-name } ] * [ description description ] command to create a rule for the MAC address-based ACL. - If rule-id is not specified during the configuration, a new rule is added. In this case, the system automatically assigns a minimum number that is larger than the maximum number of the existing rule and integer times of the step to the new rule according to the step. For example, if the maximum number of the existing rule is 21 and the step is 5, the system assigns number 25 to the new rule. - If rule-id is specified and the related rule with the same ID exists, the existing rule is edited. If no related rule with the same ID exists, a new rule is added and inserted to the corresponding position according to its rule-id. - A new or modified rule should be different from any existing one; otherwise, the creation or modification fails and the system prompts you that the rule already exists.

Recommended attack defense configuration on the USG2000&5000&6000
The following attack defense configurations are recommended if there are no special attack defense requirements: firewall defend land enable firewall defend smurf enable firewall defend fraggle enable firewall defend winnuke enable firewall defend source-route enable firewall defend route-record enable firewall defend time-stamp enable firewall defend ping-of-death enable

Configuring telneting to other devices on the USG2000&5000&6000
USG2000&5000&6000  configure telneting to other devices as follows:

To manage other intranet devices with the firewall as a springboard, perform as follows:

14:33:04  2011/03/26 
Trying ... 
Press CTRL+T to abort

In this way, you can perform operations on other devices.

Default levels of the USG2000&5000&6000 administrators
The default level of the administrators of all USG series is empty. You need to configure the level and permission of each user.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top